blade syntax for public usage like shopify #39510
I really like how Shopify users can modify their templates without direct access to the server files. I've always wanted to create a feature like Shopify that would allow members of a platform to be able to modify the templates using a Blade-like syntax without having to worry about security, and I'm not really sure how this would be implemented with existing technology.
Replies: 1 comment
You can use the `compileString` method.

```php
Blade::compileString('This is @if (true) working @else not working @endif')
```

This will evaluate into:

```php
'This is <?php if(true): ?> working <?php else: ?> not working <?php endif; ?>'
```

You can then put this content in a file and store it somewhere. When you need it, just `@include` it in your view.

If you compile Blade a user has written in a text editor, remember he could use variables he is not supposed to or display data he is not supposed to.

```php
Blade::compileString('@foreach (User::all() as $user) <div>{{ $user->email }}: {{ $user->some_secret_token }}</div> @endforeach')
```

This code would display a list of all users with their email address and some secret token they may have stored. Don't forget that within Blade you can use every PHP feature and have total control over the database. You could even delete all data.

So if only you as an admin want to dynamically write Blade templates and you know what you are doing, this is fine. As soon as someone who is not familiar with Blade or is not supposed to have that kind of access is involved, you shouldn't do this.
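
An added example, not part of the thread and not Laravel's own code: one way to let members edit templates without handing them PHP is to keep their input away from Blade compilation and render a deliberately small placeholder syntax instead. The function name `renderUserTemplate`, the `{{ dotted.path }}` syntax and the sample data are assumptions made for this illustration.

```php
<?php
// Added illustration (not Laravel API): render member-written templates
// without Blade::compileString() or eval(). The only construct understood is
// {{ dotted.path }}, looked up in an array the caller chooses to expose.
function renderUserTemplate(string $template, array $context): string
{
    // Refuse PHP tags, raw echoes and Blade directives outright.
    if (preg_match('/<\?|\?>|\{!!|\B@[A-Za-z]/', $template)) {
        throw new InvalidArgumentException('Disallowed construct in template');
    }
    $placeholder = '/\{\{\s*([A-Za-z_]\w*(?:\.\w+)*)\s*\}\}/';
    // Any braces left after removing plain placeholders mean an expression
    // such as {{ $user->email }} or {{ User::all() }}: reject the template.
    if (preg_match('/\{\{|\}\}/', preg_replace($placeholder, ' ', $template))) {
        throw new InvalidArgumentException('Only {{ name.path }} is allowed');
    }
    return preg_replace_callback($placeholder, function (array $m) use ($context) {
        $value = $context;
        foreach (explode('.', $m[1]) as $key) {
            if (!is_array($value) || !array_key_exists($key, $value)) {
                throw new InvalidArgumentException("Unknown variable {$m[1]}");
            }
            $value = $value[$key];
        }
        if (!is_scalar($value)) {
            throw new InvalidArgumentException("{$m[1]} is not printable");
        }
        // Escape on output so exposed values cannot inject markup.
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }, $template);
}

// Constructed sample data: only these values are reachable from a template.
$context = ['shop' => ['name' => 'Ann & Co'], 'member' => ['name' => '<b>Bo</b>']];
echo renderUserTemplate('<h1>{{ shop.name }}</h1> Hi {{ member.name }}', $context), "\n";

// The template from the reply above is refused instead of being executed.
try {
    renderUserTemplate('@foreach (User::all() as $user) {{ $user->email }} @endforeach', $context);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The returned string is final HTML; it should be output directly and not stored as a Blade view or passed through `@include`, since that would compile it again.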