Download the PHP package masterro/laravel-xss-filter without Composer
On this page you can find all versions of the php package masterro/laravel-xss-filter. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download masterro/laravel-xss-filter
More information about masterro/laravel-xss-filter
Files in masterro/laravel-xss-filter
Package laravel-xss-filter
Short Description Filter user input for XSS but don't touch other html
License MIT
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package laravel-xss-filter
XSS Filter/Sanitizer for Laravel
Configure once and forget about XSS attacks!
It does not remove the html, it is only escaped script tags and embeds.
However, by default, it does delete inline event listeners such as onclick.
Optionally they also can be escaped (set escape_inline_listeners to true in xss-filter.php config file).
For example
will be transformed to
This allows to render html in views based on users' input and don't be afraid of XSS attacks and embed elements.
Installation
Step 1: Composer
From command line
Step 2: publish configs (optional)
From command line
Step 3: Middleware
You can register \MasterRO\LaravelXSSFilter\FilterXSS::class for filtering in global middleware stack, group middleware stack or for specific routes.
Have a look at Laravel's middleware documentation, if you need any help.
Livewire
If you are using Livewire you can either register global middleware to all the update livewire requests. This special middleware will clean only required part of Livewire request payload and will not touch snapshot so the component checksum still would be valid.
Or you can apply middleware to specific routes and add it to persistent list to ensure inputs are cleared on subsequent component requests:
NOTE! If you have both Livewire components and traditional Controllers you can apply only FilterXSSLivewire::class middleware for all required routes or globally. It will fall back to base logic for non Livewire requests.
Usage
After adding middleware, every request will be filtered.
If you need to specify attributes that should not be filtered add them to xss-filter.except config. By default, filter excepts password and password_confirmation fields.
If you want to clean some value in other place (i.e. Controller) you can use XSSCleaner Facade.
