upthemedia/xss-protection

filter xss in inputs

Maintainers

Details

github.com/upthemedia/xssprotection

Source

Issues

Installs: 1 118

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 3

Forks: 0

Open Issues: 0

0.0.8 2020-12-14 21:52 UTC

Requires

  • php: >=5.3.0

MIT 1347c2b6ca290996c6d65b221ad0acd8b5793fd8

  • Jose Suárez Bravo <jsuarez.woop@upthemedia.com>

laravelxss

This package is not auto-updated.

Last update: 2024-05-28 14:11:07 UTC

README

Block the XSS entry globally in your Laravel projects. It can be used in two different ways. Or through a middleware that affects all the requests, or through the FormRequest

Install

composer

composer require upthemedia/xss-protection

Configuration

Use Middleware To use globally throughout the project it is necessary to create a middeware and add it to Kernel.php in protected $middleware

<?php
namespace App\Http\Middleware;  
use Closure;
use Illuminate\Http\Request;
use Upthemedia\XssProtection\XssProtectionTrait;  
final class XssClean {  
    use XssProtectionTrait;  
    public function handle(Request $request, Closure $next)  
    {  
	    $input = $request->all();  
	    array_walk_recursive($input, function(&$input) {  
		    $input = $this->xss_clean($input);  
		});  
		$request->merge($input);  
		return $next($request);
	}
}

File Kernel.php

<?php  
namespace App\Http;  
use Illuminate\Foundation\Http\Kernel as HttpKernel;  

class Kernel extends HttpKernel{  
/**
* The application's global HTTP middleware stack.
* These middleware are run during every request to your application. 
* 
* @var array   
*/  
protected $middleware = [
     \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,  			
     \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,  
     \App\Http\Middleware\TrimStrings::class,  
     \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,  
     \App\Http\Middleware\XssClean::class  //Add Middleware XSS
      ];

Use in FormRequest To use in FormRequest it is only necessary to import the XssProtectionTrait In this case it will execute the clean xss on both inputs

<?php  
namespace App\Http\Requests;  
use Illuminate\Foundation\Http\FormRequest;
use Upthemedia\XssProtection\XssProtectionTrait;  
class StoreComment extends FormRequest  {  
    use XssProtectionTrait;  
    /**  
    * Determine if the user is authorized to make this request. * * @return bool  
    */  
    public function authorize()  {  
    return true;
    }  
    /**
    *Get the validation rules that apply to the request. * * @return array  
    */  
    public function rules() {  
	    return [  '
		    'comment' => 'require', 
		    'subject  => 'nullable'
		      ];
	}
}