In this tutorial we will see how to create middleware for xss protection in laravel 8. Cross-site scripting is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.
In laravel 8 we are use middleware for prevent xss attack on website security. It's very necessory protection from xss attack or any other cyber attack on website.
The XSS filter through we can remove the HTML tag from our input value and also it's very important to remove html tag for the security. Input sanitization is a security protocol for checking, filtering, and cleaning data inputs from app users.
There are three main types of XSS attacks. These are:
So, let's see how to create middleware for xss protection in laravel 8.
In this step, We have to create custom middleware for xss prevention in laravel. So, copy below command and run on terminal.
php artisan make:middleware XSS
Now, register middleware in app/http/kernel.php path.
class Kernel extends HttpKernel
{
protected $routeMiddleware = [
'XSS' => \App\Http\Middleware\XSS::class,
];
}
In this step, we can see new file in app/Http/Middleware/XSS.php and then just put the bellow code in our XSS.php file. You can directly use strip_tags() in any input filed of save data in controller.
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
class XSS
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
$input = $request->all();
array_walk_recursive($input, function(&$input) {
$input = strip_tags($input);
});
$request->merge($input);
return $next($request);
}
}
Now, we are use XSS middleware in our routes.php file
routes/web.php
<?php
use Illuminate\Support\Facades\Route;
use App\Http\Middleware\XSS;
use App\Http\Controllers\UserController;
Route::group(['middleware' => ['XSS']], function () {
Route::get('xss_prevention', [UserController::class,'xssPrevention']);
Route::post('xss_prevention_data_store', [UserController::class,'xssPreventionStore'])->name('xssPreventionStore');
});
You might also like :
In this tutorial, we will see how to get current month records in MySQL. For data analysis and reporting, we need more d...
Feb-08-2022
Laravel is a fantastic language for web development, but it can throw you a curveball every now and then. If you've...
Jan-09-2023
Hey there, Ever found yourself scratching your head over unexpected errors in your PHP code? Fret not, because today, we...
Dec-15-2023
Hello, laravel web developers! In this article, we'll see how to generate an app key in laravel 11. In laravel 11 we...
May-24-2024