Download the PHP package laravelgems/blade-escape without Composer
On this page you can find all versions of the php package laravelgems/blade-escape. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download laravelgems/blade-escape
More information about laravelgems/blade-escape
Files in laravelgems/blade-escape
Package blade-escape
Short Description Custom blade directives to figth against XSS
License MIT
Informations about the package blade-escape
Blade Escape - fight against XSS
Blade Escape is a service provider that extends Blade
directives and allows use Laragems\Escape
library.
Installation
After that add service provider to a config\app.php
HTML - @text($variable), safe
HTML Attribute - @attr(@variable), safe when following rules
Attribute's value should be quoted. For usage with whitelist attributes: align, alink, alt, bgcolor, border, cellpadding, cellspacing, class, color, cols, colspan, coords, dir, face, height, hspace, ismap, lang, marginheight, marginwidth, multiple, nohref, noresize, noshade, nowrap, ref, rel, rev, rows, rowspan, scrolling, shape, span, summary, tabindex, title, usemap, valign, value, vlink, vspace, width
URL Parameter - @param($variable), safe
Javascript Parameter - @js($variable), safe when following rules
Value should be quoted. Avoid using dangerous functions (eval and so on), example - setTimeout("@js($variable)")
(can be hacked!)
CSS - @css($variable), safe when following rules
Surrounded by quotes. Avoid complex properties like url
, behavior
and custom (-moz-binding
). Do not put untrusted data into IE's expression property value
Must Read: QWASP - XSS Prevention Cheat Sheet
You don't like the names of directives. Ok, just change them in a published config.