How do you think about security in Laravel 4? I mean, how is Laravel managing XSS attacks?
In CodeIgniter you have something like xss_clean($_GET['yourValue']) to clean user input from XSS code.
How does Laravel manage those kinds of problems? You get user values using Input::get('yourValue'), but how do you apply an XSS filter to it? Does it come with this functionality out of the box, or what?
Laravel Middleware to protect your app against Cross-site scripting (XSS). It sanitizes request input by utilising the Laravel Security package, and it can sanitize Blade echo statements as well.
XSS filters work by finding typical patterns that may be used as XSS attack vectors and removing such code fragments from user input data. Patterns are most often found using regular expressions.
It enables attackers to bypass client-side security mechanisms normally imposed on web content by modern web browsers by injecting malicious script into web pages viewed by other users.
The following suggestions can help safeguard your users against XSS attacks: sanitize user input (validate to catch potentially malicious user-provided input), and encode output to prevent potentially malicious user-provided data from triggering automatic load-and-execute behaviour by a browser.
You can use the App::before event to filter all of your inputs like this:
App::before(function($request)
{
    // Replace every request value with its strip_tags()'d version
    Input::merge(array_strip_tags(Input::all()));
});
The array_strip_tags function is given below. I've put it in a helper file to call it directly; you may use it as a helper function or as a library, but it's easy to use it as a helper function: just create a helper file inside the app/start/ folder and give it a name, for example custom_helper.php, and include it inside the global.php file like this:
require __DIR__.'/custom_helper.php';
Function array_strip_tags
// Recursively apply strip_tags() to every key and value of a (nested) array
function array_strip_tags($array)
{
    $result = array();
    foreach ($array as $key => $value) {
        $key = strip_tags($key);
        if (is_array($value)) {
            // Nested input (e.g. form arrays) is filtered recursively
            $result[$key] = array_strip_tags($value);
        }
        else {
            $result[$key] = strip_tags($value);
        }
    }
    return $result;
}
This is copied from a working project of mine.
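The recursive filter from the answer above, run stand-alone outside Laravel next to the output encoding that Laravel 4's e() helper applies for {{{ }}} Blade echoes, to show why stripping input does not replace encoding at output. This is an added example, not code from the answer or from Laravel; the function name encode_output and the sample input are constructed for it.

```php
<?php
// Added example: input stripping (as in the answer) beside output encoding.

// Recursively strip_tags() every key and value of a nested array,
// shaped like the array Input::all() returns in Laravel 4.
function array_strip_tags(array $array): array
{
    $result = [];
    foreach ($array as $key => $value) {
        $key = strip_tags((string) $key);
        $result[$key] = is_array($value)
            ? array_strip_tags($value)
            : strip_tags((string) $value);
    }
    return $result;
}

// Same encoding Laravel 4's e() helper uses: htmlentities with ENT_QUOTES,
// so both single and double quotes are encoded (safe inside attributes).
function encode_output(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8', false);
}

// Constructed sample request input (hypothetical, not real traffic).
$input = [
    'name'    => 'Tom & "Jerry" <b>bold</b>',
    'profile' => ['bio' => 'Likes <script>x()</script> cats'],
    'tags'    => ['<i>one</i>', 'two'],
];

$clean = array_strip_tags($input);

// strip_tags() removes the markup but keeps the text between the tags,
// and it leaves quotes and ampersands untouched.
assert($clean['name'] === 'Tom & "Jerry" bold');
assert($clean['profile']['bio'] === 'Likes x() cats');
assert($clean['tags'] === ['one', 'two']);

// Echoing a stripped value into an HTML attribute still needs encoding:
// an unencoded double quote would otherwise end the attribute value.
echo '<input value="' . encode_output($clean['name']) . '">' . PHP_EOL;
echo '<p>' . encode_output($clean['profile']['bio']) . '</p>' . PHP_EOL;
```

Run it with the PHP CLI; the assertions are checked only when zend.assertions is enabled, which is the default for the development php.ini.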