distilleries / security
Security Middleware and Helper
Installs: 9 913
Dependents: 1
Suggesters: 0
Security: 0
Stars: 1
Watchers: 4
Forks: 2
Open Issues: 0
Requires
- php: >=7.1.3
- ezyang/htmlpurifier: ^4.8
- illuminate/support: ~5.7|~5.8|~6.0|~7.0|~8.0|~9.0|~10.0|~11.0
Requires (Dev)
- fakerphp/faker: ^1.23
- mockery/mockery: ~1.0|^1.2.3|^1.3.1|^1.6
- orchestra/testbench: ~3.7|~3.8|^4.0|^5.0|^6.0|^7.0|^8.0|^9.0
- orchestra/testbench-browser-kit: ~3.7|~3.8|^4.0|^5.0|^6.0|^7.0|^8.0|^9.0
- phpunit/phpunit: ~7.0|^8.3|^9.3|^10.1|^11.0.1
This package is auto-updated.
Last update: 2024-10-28 10:42:40 UTC
README
Security
This package sanitizes incoming request data through a middleware, and it can also be used standalone to sanitize strings.
Require
- PHP 7.1.3 or later
Installation
Add the package to your composer.json:
"require": { "distilleries/security": "1.*" }
Then run composer update.
Publish the configuration:
php artisan vendor:publish --provider="Distilleries\Security\SecurityServiceProvider"
Configurations
return [
    'xss_enable'    => env('SECURITY_XSS_ENABLE', true),
    'html_purifier' => env('SECURITY_HTML_PURIFIER_ENABLE', true),
];
Add the Middleware on the kernel file.
protected $middleware = [ \Distilleries\Security\Http\Middleware\XSS::class ];
Standalone usage
You can use the Security class to sanitize data directly.
Sanitize string
$xss = new \Distilleries\Security\Helpers\Security();
$xss->xss_clean('<a href="javascript:alert(\'test\')">Click to alert</a>');
Should return: Click to alert
Entity decode
This function is a replacement for html_entity_decode()
The reason we are not using html_entity_decode() by itself is that, while it is not technically correct to leave out the semicolon at the end of an entity, most browsers will still interpret the entity correctly. html_entity_decode() does not convert entities without semicolons, so we are left with our own little solution here. Bummer.
$xss = new \Distilleries\Security\Helpers\Security();
$xss->entity_decode('<a href="javascript:alert(\'test\')">Test</a>');
Should return: Test
Sanitize file path
$xss = new \Distilleries\Security\Helpers\Security();
$xss->sanitize_filename('./../test.jpg', true);
Should return ./test.jpg instead of ./../test.jpg. The second parameter allows (true) or disallows (false) relative paths.
$xss = new \Distilleries\Security\Helpers\Security();
$xss->sanitize_filename('./../test.jpg', false);
Should return test.jpg instead of ./../test.jpg.
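As an added example (not code from the package or its README), the standalone helpers above combined in a small upload handler; the field names, the storage directory and the cleanUpload() function are assumptions, while the Security class and its method names come from the README.

```php
<?php
// Added example, not part of distilleries/security or its README.
// Assumes composer's autoloader and an uploads directory at ./storage/uploads.
require __DIR__ . '/vendor/autoload.php';

use Distilleries\Security\Helpers\Security;

/**
 * Clean a submitted caption and filename before they are stored.
 * Returns [caption, filename] or throws when the filename is unusable.
 */
function cleanUpload(Security $security, array $submitted): array
{
    // Free text goes through xss_clean(), as in the README example above.
    $caption = $security->xss_clean((string) ($submitted['caption'] ?? ''));

    // An upload name must never carry a path: relative paths disallowed (second argument false).
    $filename = $security->sanitize_filename((string) ($submitted['filename'] ?? ''), false);

    // Belt-and-braces check independent of the library: reject an empty name, a dotfile
    // (e.g. .htaccess) or anything that still contains a directory separator.
    if ($filename === '' || $filename[0] === '.' || strpbrk($filename, '/\\') !== false) {
        throw new RuntimeException('Unusable filename after sanitization: ' . $filename);
    }

    return [$caption, $filename];
}

// Constructed sample input, shaped like a hostile form submission.
$submitted = [
    'caption'  => '<a href="javascript:alert(\'test\')">Holiday photo</a>',
    'filename' => './../test.jpg',
];

[$caption, $filename] = cleanUpload(new Security(), $submitted);
$target = __DIR__ . '/storage/uploads/' . $filename;

echo "caption:  {$caption}\n";  // per the README, xss_clean() keeps only the link text
echo "filename: {$filename}\n"; // per the README, this yields test.jpg
echo "target:   {$target}\n";
```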