Support the ongoing development of Laravel.io →
Security Input Forms
Last updated 2 years ago.
0

You can try this:

{{{test}}}

instead of using {{}} The {{{ }}} escape the string.

Cheers.

Last updated 2 years ago.
0

psychonetic said:

You can try this:

{{{test}}}

instead of using {{}} The {{{ }}} escape the string.

Cheers.

this clear output, what about saving data in database, clearing sql injection codes, javascript code from form feilds

Last updated 2 years ago.
0

Laravel query builder uses PDO paramater binding, you don't have to worry about SQL injection. Of course If you use raw queries, you have to deal with them by yourself.

// You are safe
$results = DB::select("select * from users where id = ?", array(Input::get('id')));

// You are NOT safe
$results = DB::select(DB::raw("select * from users where id =".Input::get('id')));

XSS is more complex than SQL injection. You need a third party library. I suggest HTML Purifier

Last updated 2 years ago.
0

XSS is solved by escaping the output ( {{{ $var }}} ), so the html/js doesn't get executed.

Last updated 2 years ago.
0

well i have used binput package to filter form inputs it work great like codeigniter xss filters before saving data, but one problem i am facing i can not update laravel framework from 4.1 to 4.2 because this package right now support only 4.1

Last updated 2 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

umefarooq umefarooq Joined 24 Feb 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.