Security Input Forms
Last updated 1 year ago.

You can try this:

{{{test}}}

instead of using {{ }}. The {{{ }}} escapes the string.

Cheers.

Last updated 1 year ago.

psychonetic said:

You can try this:

{{{test}}}

instead of using {{ }}. The {{{ }}} escapes the string.

Cheers.

This clears the output, but what about saving data in the database, clearing SQL injection code and JavaScript code from form fields?

Last updated 1 year ago.

Laravel's query builder uses PDO parameter binding, so you don't have to worry about SQL injection. Of course, if you use raw queries, you have to deal with them yourself.

// You are safe: the id is passed as a binding and never becomes part of the SQL text
$results = DB::select("select * from users where id = ?", array(Input::get('id')));

// You are NOT safe: user input is concatenated straight into the SQL string
$results = DB::select(DB::raw("select * from users where id =".Input::get('id')));

XSS is more complex than SQL injection. You need a third-party library. I suggest HTML Purifier.

Last updated 1 year ago.

XSS is solved by escaping the output ({{{ $var }}}), so the HTML/JS doesn't get executed.

Last updated 1 year ago.
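As an added example (not code from the thread, nor Laravel's own), the two points above in plain PHP: PDO on an in-memory SQLite table stands in for Laravel's query builder, and the htmlentities() call is the one behind Laravel 4's {{{ }}} escaping. The users table and the form values are constructed for the demo.

```php
<?php
// Added example, not from the thread: plain PDO on an in-memory SQLite database
// stands in for Laravel's DB::select(); the users table and its rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// The "You are safe" pattern: the value travels as a bound parameter, separate
// from the SQL text, so the database compares it as one value and never parses it.
function findUserSafe(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The "You are NOT safe" pattern: the input is spliced into the SQL text itself,
// so anything that parses as SQL changes the meaning of the WHERE clause.
function findUserUnsafe(PDO $pdo, string $id): array
{
    $stmt = $pdo->query('SELECT * FROM users WHERE id = ' . $id);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// What {{{ $var }}} does on output: Laravel 4's e() helper calls htmlentities()
// with ENT_QUOTES, so <, >, ", ' and & become entities and the browser shows text.
function escapeForHtml(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8', false);
}

// Constructed form input that is not a plain numeric id. The bound query compares
// the whole string as a value; the concatenated one lets it rewrite the clause.
$input = '1 OR 1=1';
echo 'bound:        ', count(findUserSafe($pdo, $input)), " row(s)\n";
echo 'concatenated: ', count(findUserUnsafe($pdo, $input)), " row(s)\n";

// Constructed field value that an unescaped {{ }} echo would hand to the browser as markup.
$field = '<script>alert(1)</script>';
echo escapeForHtml($field), "\n";
```

Escaping on output is what stops the stored value from running in the browser; it does not need to be stripped before it reaches the database, which is why the HTML Purifier suggestion belongs to rendering rich HTML rather than to plain fields.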

Well, I have used the binput package to filter form inputs. It works great, like CodeIgniter's XSS filters, before saving data, but one problem I am facing is that I cannot update the Laravel framework from 4.1 to 4.2 because this package right now supports only 4.1.

Last updated 1 year ago.

umefarooq (joined 24 Feb 2014)
Laravel.io
© 2024 Laravel.io - All rights reserved.