In addition to the risk already mentioned above, there are countless others.
When you use $this
within a view blade
, you have access to the Illuminate\View\View
instance.
Without countering other methods he could play around with his system.
Just to reinforce the above answer, look at another "crap" that could happen:
File::deleteDirectory('diretorio_importante_do_seu_sistema');
You could also change some configuration file, such as mail.php
and make a clutter on your system:
file_put_contents(app_path('config/mail.php'), var_export($configuracoes_malicosas, true));
Perhaps the solution in your case is to pre-process a possible template sent by a user. Or, have a lock, for someone to analyze the content of that view and only then to publish effectively.
I do not know if this is the idea, but it seems like you want to do something similar to Wordpress.
Laravel already has a CMS, I do not know if it resolves, but I'll leave the link so that you can analyze and see if it meets your need.
link