Laravel 9 Create Middleware For XSS Protection

Websolutionstuff | Apr-30-2022 | Categories : Laravel PHP

In this article, we will see laravel 9 create middleware for XSS protection. Cross-site scripting is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. In laravel 9 we use middleware for prevent xss attack on website security. It's very necessory protection from xss attack or any other cyberattack on the website.

So, let's see how to create middleware for XSS protection in laravel 9, laravel 9 XSS validation, laravel 9 create middleware, laravel 9 XSS protection, XSS protection laravel 9.

The XSS filter through we can remove the HTML tag from our input value and also it's very important to remove html tag for the security. Input sanitization is a security protocol for checking, filtering, and cleaning data inputs from app users.

Types of XSS attacks?

There are three main types of XSS attacks:

  • Reflected XSS, where the malicious script comes from the current HTTP request.
  • Stored XSS, where the malicious script comes from the website's database.
  • DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.
Step 1: Create Middleware

In this step, We have to create custom middleware for XSS prevention in laravel 9. So, copy the below command and run it on the terminal.

php artisan make:middleware XSS

 

 

Step 2: Register Middleware

Now, register middleware in app/http/kernel.php path.

class Kernel extends HttpKernel
{
    protected $routeMiddleware = [
        'XSS' => \App\Http\Middleware\XSS::class,
    ];
}

 

Step 3 : Add code In Middleware File

In this step, we can see new file in app/Http/Middleware/XSS.php and then just put the below code in our XSS.php file. You can directly use strip_tags() in any input filed of save data in controller.

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class XSS
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        $input = $request->all();
        array_walk_recursive($input, function(&$input) {
            $input = strip_tags($input);
        });
        $request->merge($input);
        return $next($request);
    }
}

 

 

Step 4 : Route

Now, we are using XSS middleware in our routes.php file

routes/web.php

<?php

use Illuminate\Support\Facades\Route;
use App\Http\Middleware\XSS;
use App\Http\Controllers\UserController;

Route::group(['middleware' => ['XSS']], function () {
    Route::get('xss_prevention', [UserController::class,'xssPrevention']);
    Route::post('xss_prevention_data_store', [UserController::class,'xssPreventionStore'])->name('xssPreventionStore');
});

 


You might also like :

Recommended Post
Featured Post
Laravel 9 Many To Many Polymorphic Relationship
Laravel 9 Many To Many Polymor...

In this article, we will see laravel 9 many to many polymorphic relationship. many to many polymorphic relationship more...

Read More

Apr-06-2022

How To Install phpMyAdmin In Ubuntu
How To Install phpMyAdmin In U...

In this article, we will explore the process of installing phpMyAdmin in Ubuntu. phpMyAdmin is a popular web-based admin...

Read More

Jul-24-2023

How to Set Auto Database BackUp using Cron Scheduler In Laravel
How to Set Auto Database BackU...

In this article, we will see how to set auto database backup using the cron scheduler in laravel. here we will set ...

Read More

Feb-18-2021

Laravel 9 User Role and Permission
Laravel 9 User Role and Permis...

In this article, we will show you laravel 9 user role and permission with an example. here we will see how to set u...

Read More

Mar-02-2022