Download the PHP package masterro/laravel-xss-filter without Composer

On this page you can find all versions of the php package masterro/laravel-xss-filter. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package laravel-xss-filter

Latest Stable Version Total Downloads Build Status License

StandWithUkraine

XSS Filter/Sanitizer for Laravel

Configure once and forget about XSS attacks!

It does not remove the html, it is only escaped script tags and embeds.
However, by default, it does delete inline event listeners such as onclick. Optionally they also can be escaped (set escape_inline_listeners to true in xss-filter.php config file).

For example

will be transformed to

This allows to render html in views based on users' input and don't be afraid of XSS attacks and embed elements.

Installation

Step 1: Composer

From command line

Step 2: publish configs (optional)

From command line

Step 3: Middleware

You can register \MasterRO\LaravelXSSFilter\FilterXSS::class for filtering in global middleware stack, group middleware stack or for specific routes.

Have a look at Laravel's middleware documentation, if you need any help.

Livewire

If you are using Livewire you can either register global middleware to all the update livewire requests. This special middleware will clean only required part of Livewire request payload and will not touch snapshot so the component checksum still would be valid.

Or you can apply middleware to specific routes and add it to persistent list to ensure inputs are cleared on subsequent component requests:

NOTE! If you have both Livewire components and traditional Controllers you can apply only FilterXSSLivewire::class middleware for all required routes or globally. It will fall back to base logic for non Livewire requests.

Usage

After adding middleware, every request will be filtered.

If you need to specify attributes that should not be filtered add them to xss-filter.except config. By default, filter excepts password and password_confirmation fields.

If you want to clean some value in other place (i.e. Controller) you can use XSSCleaner Facade.

Runtime configuration

I will be grateful if you star this project :)


All versions of laravel-xss-filter with dependencies

PHP Build Version
Package Version
Requires php Version >=8.1
laravel/framework Version ^8.0|^9.0|^10.0|^11.0|^12.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package masterro/laravel-xss-filter contains the following files

Loading the files please wait ....