artisanpack-ui / security
Provides escaping and sanitization functions that secure Digital Shopfront CMS.
Requires
- php: ^8.2
- illuminate/support: >=5.3
- laminas/laminas-escaper: ^2.16
Requires (Dev)
- orchestra/testbench: ^10.2
- pestphp/pest: ^3.8
- pestphp/pest-plugin-laravel: ^3.1
README
A comprehensive security package for Laravel applications, specifically designed for the Digital Shopfront CMS. This package provides essential data sanitization and output escaping functions to protect against common web vulnerabilities like XSS attacks, SQL injection, and data corruption.
Features
- Comprehensive Sanitization: Clean user input with specialized functions for emails, URLs, text, dates, and more
- Context-Aware Escaping: Safely escape output for HTML, attributes, URLs, JavaScript, and CSS contexts
- HTML Filtering: WordPress-style HTML filtering with the kses() function
- Laravel Integration: Facade and global helper functions for easy usage
- Battle-Tested: Built on proven libraries like Laminas Escaper
- Full Test Coverage: Extensively tested for reliability
Quick Start
Installation
Install the package via Composer:
composer require ArtisanPackUI/security
Basic Usage
Use the Security facade:
use ArtisanPackUI\Security\Facades\Security;
// Sanitize input
$cleanEmail = Security::sanitizeEmail($userEmail);
// Escape output
echo Security::escHtml($userContent);
Or use global helper functions:
// Sanitize input
$cleanEmail = sanitizeEmail($userEmail);
// Escape output
echo escHtml($userContent);
Documentation
- Getting Started - Installation, setup, and basic usage
- API Reference - Complete function reference with examples
- Security Guidelines - Best practices and security considerations
- AI Guidelines - Guidelines for AI code generation
- Contributing - How to contribute to this project
- Changelog - Version history and changes
Available Functions
Sanitization Functions
- sanitizeEmail() - Clean email addresses
- sanitizeUrl() - Sanitize URLs
- sanitizeText() - Remove HTML and clean text
- sanitizeInt() - Convert to safe integers
- sanitizeArray() - Recursively clean arrays
- And more...
Escaping Functions
- escHtml() - HTML context escaping
- escAttr() - HTML attribute escaping
- escUrl() - URL escaping
- escJs() - JavaScript context escaping
- escCss() - CSS context escaping
HTML Filtering
- kses() - WordPress-style HTML filtering
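The functions above are only effective when each value is escaped for the context it lands in. The following is an added example, not code from the artisanpack-ui/security package; it assumes the global helpers sanitizeText(), sanitizeUrl(), escHtml(), escAttr(), escUrl(), escJs() and escCss() each take the untrusted string as their single argument and return a string, which the README shows only for sanitizeEmail() and escHtml().

```php
<?php
// Added example (not part of the artisanpack-ui/security package).
// Assumption: every helper used below takes one string argument and
// returns the sanitized or escaped string, as the README shows for
// sanitizeEmail() and escHtml().

/**
 * Render one untrusted profile into several output contexts.
 *
 * HTML escaping alone does not make a value safe inside an attribute,
 * a URL, a <script> block or a style rule, so each placement uses the
 * escaper for its own context.
 */
function renderProfileCard(array $profile): string
{
    // Sanitize on input: strip tags from free text, reject unsafe URL schemes.
    $name    = sanitizeText($profile['name'] ?? '');
    $website = sanitizeUrl($profile['website'] ?? '');
    $accent  = sanitizeText($profile['accent'] ?? '');

    // Escape on output, choosing the escaper by where the value lands.
    return
        '<style>.card{border-color:' . escCss($accent) . '}</style>'        // CSS context
      . '<div class="card" data-owner="' . escAttr($name) . '">'             // attribute context
      . '<h2>' . escHtml($name) . '</h2>'                                    // HTML body context
      . '<a href="' . escUrl($website) . '">' . escHtml($website) . '</a>'  // URL context, then HTML text
      . '<script>var owner = "' . escJs($name) . '";</script>'              // JavaScript string context
      . '</div>';
}

// Constructed input for the demonstration: each field probes a different context.
$untrusted = [
    'name'    => '"><script>alert(1)</script>',
    'website' => 'javascript:alert(document.cookie)',
    'accent'  => 'red; background:url(javascript:alert(1))',
];

echo renderProfileCard($untrusted), PHP_EOL;
```

Using escHtml() in place of escJs() or escUrl() in the snippet above would leave the script-string and href contexts unprotected, which is the failure the context-specific helpers exist to prevent.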
Security
If you discover any security vulnerabilities, please follow our security reporting guidelines. Do not open public issues for security vulnerabilities.
Contributing
We welcome contributions! Please see our Contributing Guide for details on how to contribute to this project.
About Digital Shopfront CMS
This package is part of the ArtisanPack UI ecosystem for Digital Shopfront CMS. Learn more about the full CMS in our main documentation.
License
This project is open-sourced software licensed under the MIT license.