Binput Is An Input Protector For Laravel
- dev-master / 7.1.x-dev
This package is auto-updated.
Last update: 2020-01-25 16:08:36 UTC
Laravel Binput was created by, and is maintained by Graham Campbell, and is an input protector for Laravel that prevents potentially dangerous elements like
<script> tags in any input you receive, from doing harm. It utilises my Laravel Security package, which cleans the input using voku/anti-xss. Feel free to check out the change log, releases, security policy, license, code of conduct, and contribution guidelines.
Laravel Binput requires PHP 7.1-7.4. This particular version supports Laravel 5.5-7.
To get the latest version, simply require the project using Composer:
$ composer require graham-campbell/binput
Once installed, if you are not using automatic package discovery, then you need to register the
GrahamCampbell\Binput\BinputServiceProvider service providers in your
You can also optionally alias our facade:
'Binput' => GrahamCampbell\Binput\Facades\Binput::class,
Laravel Binput requires no configuration. Just follow the simple install instructions and go!
This is the class of most interest. It is bound to the ioc container as
'binput' and can be accessed using the
Facades\Binput facade. There are a few public methods of interest.
'old' methods have an identical api to the methods found on the laravel request class accept from they all accept two extra parameters at the end. The first extra parameter is a boolean representing if the input should be trimmed. The second extra parameter is a boolean representing if the input should be xss cleaned. Both extra parameters are default to true.
There are two additional methods added to the public api. The first is a method called
'map' which will remap the output from the
'only' method. The
'map' function requires an associative array as the first parameter. The second method is the
'clean' function. It takes three parameters. The first is the value to be cleaned (it can be an array, and will be recursively iterated over and cleaned), and the final two are trim and clean, which behave in the same way as earlier.
Any methods not found on this binput class will actually fall back to the laravel request class with a dynamic call function, so every other method on the request class is available in exactly the same way it would be on the Laravel request class.
This facade will dynamically pass static method calls to the
'binput' object in the ioc container which by default is the
This class contains no public methods of interest. This class should be added to the providers array in
config/app.php. This class will setup ioc bindings.
Here you can see an example of just how simple this package is to use.
// request input data: ['test' => '123', 'foo' => '<script>alert(\'bar\');</script> '] $input = Binput::all(); // ['test' => '123', 'foo' => '']
If you discover a security vulnerability within this package, please send an email to Graham Campbell at email@example.com. All security vulnerabilities will be promptly addressed. You may view our full security policy here.
Laravel Binput is licensed under The MIT License (MIT).Get professional support for Laravel Binput with a Tidelift subscription
Tidelift helps make open source sustainable for maintainers while giving companies
assurances about security, maintenance, and licensing for their dependencies.