Laravel XSS Protection Middleware Example

By Hardik Savani November 5, 2023 Category : PHP Laravel

Hey Folks,

Here, I will show you how to build an XSS protection middleware in Laravel. If you have a question about Laravel XSS security or a Laravel XSS filter, this post gives a simple example with a solution.

XSS (Cross-Site Scripting) protection is a must for your site, because without it your site is not secure. With an XSS filter you can remove HTML tags from your input values, and removing HTML tags is very important for security. In a Laravel application you can implement this with the middleware concept. The following steps show how to create an XSS filter middleware in your Laravel application.

Types of XSS attacks?

There are three main types of XSS attacks:

  • Reflected XSS, where the malicious script comes from the current HTTP request.
  • Stored XSS, where the malicious script comes from the website's database.
  • DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.

Step 1: Install Laravel

This step is not required; however, if you have not created the Laravel app yet, you can run the command below:

composer create-project laravel/laravel example-app

Step 2: Create Middleware

In this step, open a terminal and run the command below to create a custom middleware file:

php artisan make:middleware XSS

This creates a new XSS.php file. Update it with the following code.

app/Http/Middleware/XSS.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class XSS
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        $input = $request->all();

        // Strip HTML tags from every string value, including nested arrays.
        // Non-string values (null, numbers, uploaded files) are left as they are.
        array_walk_recursive($input, function (&$value) {
            if (is_string($value)) {
                $value = strip_tags($value);
            }
        });

        // Write the filtered values back onto the request.
        $request->merge($input);

        return $next($request);
    }
}
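
The filter from Step 2, run outside Laravel on constructed input, as an added example (not code from the original post): it shows which values strip_tags() changes and why a filtered value still has to be escaped when it is rendered. The helper name strip_tags_recursive() and all sample data are assumptions made for illustration.

```php
<?php
// Added example: the Step 2 filter applied to a plain array instead of a
// Laravel Request. strip_tags_recursive() is a hypothetical helper name.

function strip_tags_recursive(array $input): array
{
    array_walk_recursive($input, function (&$value) {
        // Only strings carry markup; leave null, ints and bools untouched.
        if (is_string($value)) {
            $value = strip_tags($value);
        }
    });

    return $input;
}

// Constructed sample input, shaped like the array $request->all() returns.
$input = [
    'name'    => '<b>Alice</b>',
    'comment' => 'Hello <script>alert(1)</script> world',
    'tags'    => ['<i>php</i>', 'laravel'],
    'age'     => 30,
    'bio'     => null,
    'title'   => 'Tom" data-x="1', // no tags, but contains a double quote
];

$clean = strip_tags_recursive($input);

// Print each filtered value; note that text between removed tags is kept.
foreach ($clean as $key => $value) {
    echo str_pad($key, 8), json_encode($value), PHP_EOL;
}

// strip_tags() removes tags only. A value with no tags passes through
// unchanged, so a quote can still close an HTML attribute if the value is
// printed raw. Escaping at output time covers that case.
$raw     = '<input value="' . $clean['title'] . '">';
$escaped = '<input value="' . htmlspecialchars($clean['title'], ENT_QUOTES, 'UTF-8') . '">';

echo PHP_EOL, 'raw:     ', $raw, PHP_EOL;
echo 'escaped: ', $escaped, PHP_EOL;
```

In Blade templates, {{ $value }} applies this escaping automatically, while {!! $value !!} prints the value raw.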

Step 3: Register Middleware

In this step, we need to register the middleware in the Kernel.php file. We will give the newly created middleware the alias xss. Update the file as follows.

app/Http/Kernel.php

<?php

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    // ....

    /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        // ....
        'xss' => \App\Http\Middleware\XSS::class,
    ];
}

Step 4: Use Middleware

In this step, we will create routes and show how to apply the middleware in the route file. Open your route file and update it with the following code:

routes/web.php

<?php

use Illuminate\Support\Facades\Route;
use App\Http\Controllers\HomeController;

/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/

// Every route in this group passes through the XSS middleware.
Route::group(['middleware' => ['xss']], function () {
    Route::get('xss_prevention', [HomeController::class, 'xssPrevention']);
    Route::post('xss_prevention_data_store', [HomeController::class, 'xssPreventionStore'])->name('xssPreventionStore');
});

Run Laravel App:

All the required steps are done. Now run the command below to start the Laravel app:

php artisan serve

Now, go to your web browser, open the URL below and view the app output:

http://localhost:8000/

I hope it can help you...
