Frontend Security
HTML Content Rendering
Capell sanitizes CMS HTML content by default through RenderHtmlContentAction.
The default mode strips unsafe HTML and leaves Blade directives inert.
CAPELL_RENDER_HTML_CONTENT_WITH_BLADE=true is a compatibility escape hatch for
trusted, developer-authored content. Do not enable it for editor-controlled CMS
content in production, because Blade directives are evaluated server-side.
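
A deployment check for this setting, as an added example that is not part of Capell or its tooling. It assumes the flag is set in a Laravel-style .env file, that APP_ENV=production marks a production deployment, and that any of true, (true), 1, on or yes may be read as enabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Capell's own tooling. Assumptions: Laravel-style .env
# file, APP_ENV=production marks production, and true/(true)/1/on/yes may
# all be read as "enabled".

# Print every value assigned to KEY ($1) in FILE ($2), normalized: inline
# comment, surrounding whitespace and quotes removed, lowercased.
# Commented-out assignments are ignored.
env_values() {
    sed -n "s/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//" |
        tr '[:upper:]' '[:lower:]'
}

# Return 1 and print a finding when FILE enables Blade rendering of CMS HTML
# while declaring a production environment. Any matching assignment counts,
# so a duplicate key cannot hide the setting. Return 2 if FILE is unreadable.
check_blade_flag() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    if env_values CAPELL_RENDER_HTML_CONTENT_WITH_BLADE "$file" |
            grep -Eqx 'true|\(true\)|1|on|yes' &&
        env_values APP_ENV "$file" | grep -qx 'production'; then
        echo "FAIL: $file enables CAPELL_RENDER_HTML_CONTENT_WITH_BLADE in production"
        return 1
    fi
    echo "OK: $file"
    return 0
}

# Constructed sample input: a production file with the escape hatch left on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
APP_ENV=production
CAPELL_RENDER_HTML_CONTENT_WITH_BLADE="True" # legacy templates
EOF
check_blade_flag "$sample" || true
rm -f "$sample"
```

Run check_blade_flag against the deployed .env in a release pipeline and fail the release on a non-zero exit status.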