How can you apply xss filters in laravel 4 framework?

How do you think about security in Laravel 4? I mean, how is Laravel managing XSS attacks?

In CodeIgniter you have something like xss_clean($_GET['yourValue']) to clean user input from XSS code.

How does Laravel manage those kinds of problems? You get user values using Input::get('yourValue'), but how do you apply an XSS filter to it? Does it come with this functionality out of the box, or what?

user2029029 asked Jan 25 '14 19:01





1 Answer

You can use the App::before event to filter all of your inputs like this:

App::before(function($request)
{
    // Replace every request value with its strip_tags()'d version before any route runs
    Input::merge(array_strip_tags(Input::all()));
});

The array_strip_tags function is given below. I've put it in a helper file to call it directly; you may use it as a helper function or as a library, but it's easy to use it as a helper function. Just create a helper file inside the app/start/ folder and give it a name, for example custom_helper.php, and include it inside the global.php file like this:

require __DIR__ . '/custom_helper.php';

Function array_strip_tags

function array_strip_tags($array)
{
    $result = array();
    foreach ($array as $key => $value) {
        $key = strip_tags($key);
        if (is_array($value)) {
            $result[$key] = array_strip_tags($value);
        }
        else {
            $result[$key] = strip_tags($value);
        }
    }
    return $result;
}

This is copied from a working project of mine.

The Alpha answered Nov 14 '22 23:11

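The following is an added example, not code from the answer above or from Laravel itself. It runs the answer's recursive strip_tags filter over a constructed input array next to output-time HTML escaping, which is what Laravel 4's Blade `{{{ $value }}}` syntax does through the e() helper; the escape_html function below is assumed to mirror e() (htmlentities with ENT_QUOTES and UTF-8), so the script runs without Laravel installed.

```php
<?php
// Added example: input stripping (the answer's approach) versus output escaping
// (Laravel 4 Blade triple braces). Neither function is Laravel's own code.

// Recursive strip_tags over a request array, as in the answer above.
function array_strip_tags(array $array)
{
    $result = array();
    foreach ($array as $key => $value) {
        $key = strip_tags($key);
        $result[$key] = is_array($value)
            ? array_strip_tags($value)
            : strip_tags((string) $value);
    }
    return $result;
}

// Assumption: equivalent of Laravel 4's e() helper used by {{{ }}} in Blade.
function escape_html($value)
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8', false);
}

// Constructed sample request input, including a nested array.
$input = array(
    'name'    => 'Ada <b>Lovelace</b>',
    'ratio'   => '5<6',
    'profile' => array('bio' => '<script>alert(1)</script> likes "math"'),
);

$stripped = array_strip_tags($input);

// strip_tags() removes markup but is lossy: a bare "<" in ordinary text
// starts a "tag" that never closes, so the rest of the value is dropped.
var_dump($stripped['name']);           // string(12) "Ada Lovelace"
var_dump($stripped['ratio']);          // string(1) "5"
// The tag is gone, but the script body and the quotes remain in the data.
var_dump($stripped['profile']['bio']); // string(21) "alert(1) likes "math""

// Escaping at output time keeps the stored data intact and neutralises
// <, >, & and both quote characters for an HTML or attribute context.
echo escape_html($input['ratio']), PHP_EOL;            // 5&lt;6
echo escape_html($input['profile']['bio']), PHP_EOL;   // &lt;script&gt;alert(1)&lt;/script&gt; likes &quot;math&quot;
```

In practice the two layers are complementary: an input filter like the one in the answer reduces what gets stored, while escaping every echo in the view (Blade's `{{{ }}}` in Laravel 4) is the step that actually decides whether user data can be interpreted as markup.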