How To Create Middleware For XSS Protection In Laravel 8

Websolutionstuff | Dec-22-2021 | Categories : Laravel PHP

In this tutorial we will see how to create middleware for xss protection in laravel 8. Cross-site scripting is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.

In laravel 8 we are use middleware for prevent xss attack on website security. It's very necessory protection from xss attack or any other cyber attack on website.

The XSS filter through we can remove the HTML tag from our input value and also it's very important to remove html tag for the security. Input sanitization is a security protocol for checking, filtering, and cleaning data inputs from app users.

What are the types of XSS attacks?

There are three main types of XSS attacks. These are:

  • Reflected XSS, where the malicious script comes from the current HTTP request.
  • Stored XSS, where the malicious script comes from the website's database.
  • DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.



So, let's see how to create middleware for xss protection in laravel 8.

Step 1 : Create Middleware

In this step, We have to create custom middleware for xss prevention in laravel. So, copy below command and run on terminal.

php artisan make:middleware XSS


Step 2 : Register Middleware

Now, register middleware in app/http/kernel.php path.

class Kernel extends HttpKernel
    protected $routeMiddleware = [
        'XSS' => \App\Http\Middleware\XSS::class,



Step 3 : Add code In Middleware File

In this step, we can see new file in app/Http/Middleware/XSS.php and then just put the bellow code in our XSS.php file. You can directly use strip_tags() in any input filed of save data in controller.


namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class XSS
     * Handle an incoming request.
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
    public function handle(Request $request, Closure $next)
        $input = $request->all();
        array_walk_recursive($input, function(&$input) {
            $input = strip_tags($input);
        return $next($request);


Step 4 : Route

Now, we are use XSS middleware in our routes.php file



use Illuminate\Support\Facades\Route;
use App\Http\Middleware\XSS;
use App\Http\Controllers\UserController;

Route::group(['middleware' => ['XSS']], function () {
    Route::get('xss_prevention', [UserController::class,'xssPrevention']);
    Route::post('xss_prevention_data_store', [UserController::class,'xssPreventionStore'])->name('xssPreventionStore');


You might also like :

Recommended Post
Featured Post
How To Install PHP CURL Extension In Ubuntu
How To Install PHP CURL Extens...

In this article, we will focus on the installation process of the PHP cURL extension in Ubuntu 22.04. The PHP cURL exten...

Read More


Laravel 9 Multiple Authentication Using Middleware
Laravel 9 Multiple Authenticat...

In this article, we will see laravel 9 multiple authentications using middleware. Using middleware we authenticate the u...

Read More


How To Create Zip File In Laravel 7/8
How To Create Zip File In Lara...

In this tutorial I will give you example of how to create zip file in laravel 7/8. Some times client's have requirme...

Read More


Laravel AJAX CRUD example
Laravel AJAX CRUD example

Today I will show you how to create ajax crud operations in laravel. In laravel 6/7 ajax crud operation, we can perform...

Read More