In this article, we will see laravel 9 create middleware for XSS protection. Cross-site scripting is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. In laravel 9 we use middleware for prevent xss attack on website security. It's very necessory protection from xss attack or any other cyberattack on the website.
So, let's see how to create middleware for XSS protection in laravel 9, laravel 9 XSS validation, laravel 9 create middleware, laravel 9 XSS protection, XSS protection laravel 9.
The XSS filter through we can remove the HTML tag from our input value and also it's very important to remove html tag for the security. Input sanitization is a security protocol for checking, filtering, and cleaning data inputs from app users.
There are three main types of XSS attacks:
In this step, We have to create custom middleware for XSS prevention in laravel 9. So, copy the below command and run it on the terminal.
php artisan make:middleware XSS
Now, register middleware in app/http/kernel.php path.
class Kernel extends HttpKernel
{
protected $routeMiddleware = [
'XSS' => \App\Http\Middleware\XSS::class,
];
}
In this step, we can see new file in app/Http/Middleware/XSS.php and then just put the below code in our XSS.php file. You can directly use strip_tags() in any input filed of save data in controller.
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
class XSS
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
$input = $request->all();
array_walk_recursive($input, function(&$input) {
$input = strip_tags($input);
});
$request->merge($input);
return $next($request);
}
}
Now, we are using XSS middleware in our routes.php file
routes/web.php
<?php
use Illuminate\Support\Facades\Route;
use App\Http\Middleware\XSS;
use App\Http\Controllers\UserController;
Route::group(['middleware' => ['XSS']], function () {
Route::get('xss_prevention', [UserController::class,'xssPrevention']);
Route::post('xss_prevention_data_store', [UserController::class,'xssPreventionStore'])->name('xssPreventionStore');
});
You might also like :
In this article, we will see a stripe payment gateway integration example in laravel 8. The stripe payment gateway...
Nov-26-2020
In this post, we will see how to create a dynamic line chart in laravel. A dynamic line chart or line plot or line...
Jul-22-2020
In this tutorial, I will explain the laravel 9 image upload example. image or file upload is the most common task in web...
Feb-28-2022
In this article, we will see how to use an array in React JS. We can use the JavaScript standard Array functio...
Aug-12-2022