@php $appHost = parse_url(config('app.url'), PHP_URL_HOST); @endphp {{-- DNS Instructions --}} @if($existingDomain)

{{ __('filament/domain_settings.current_domain_label') }} {{ $existingDomain->domain }}

@if($existingDomain->isVerified()) {{ __('filament/domain_settings.status_verified') }} @else {{ __('filament/domain_settings.status_pending') }} @endif

{{ __('filament/domain_settings.dns_record_lede') }}

{{ __('filament/domain_settings.col_type') }} {{ __('filament/domain_settings.col_name') }} {{ __('filament/domain_settings.col_value') }}
{{ __('filament/domain_settings.dns_record_type_cname') }} {{ $existingDomain->domain }} {{ $appHost }}
@if($existingDomain->verification_token) {{-- XSS fix: $existingDomain->domain is tenant-admin typed input; __() does NOT escape :placeholder substitutions; this paragraph renders raw via {!! !!} because the lang string itself contains trusted wrappers. e() each user value before substitution so a tenant who saves "" as their domain can't fire stored-XSS on this admin page. --}}

{!! __('filament/domain_settings.dns_txt_hint_html', ['domain' => e($existingDomain->domain), 'token' => e($existingDomain->verification_token)]) !!}

@endif

{{ __('filament/domain_settings.dns_propagation_hint') }}

@endif {{-- NOTE: the next style="..." is DYNAMIC — its value is computed from $existingDomain at render time, so it is acceptable per the "no inline styles unless dynamic" rule. --}}
{{ $this->form }}
{{ __('filament/domain_settings.save_domain') }}