You could use the helper below to clean any HTML tags by converting them into their HTML entity equivalent. You don't need to worry about SQL injection as Laravel uses prepared statements. In the newer versions of Laravel you can use {{{ your_data }}} when showing the entered data on screen to escape it.
class XssHelper {
    // Encode every character that has an HTML entity equivalent so user input renders as text.
    // ENT_QUOTES also encodes single quotes (the default flags did not before PHP 8.1), which
    // matters when the value lands inside a single-quoted attribute; ENT_SUBSTITUTE replaces
    // invalid UTF-8 instead of returning an empty string.
    public static function cleanInput($data) {
        $sanitized = htmlentities($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        return $sanitized;
    }
}
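The helper above is only right for one output context. The following is an added example, not code from the original post: it shows why the entity flags matter (a single-quoted attribute is the case the old default flags missed) and how a value that ends up inside a &lt;script&gt; block needs JSON encoding instead of HTML entities. The function names and the attacker strings are constructed for this example.

```php
<?php
// Added example (not from the original thread): context-aware output escaping.
// Requires PHP >= 7.2 (for JSON_INVALID_UTF8_SUBSTITUTE); no extensions beyond json.

function escapeHtml(string $s): string
{
    // ENT_QUOTES escapes both ' and " so the value is safe inside any quoted attribute
    // as well as in element text; ENT_SUBSTITUTE keeps invalid UTF-8 from blanking the output.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function escapeJs(string $s): string
{
    // For a value embedded in <script>, JSON-encode it and hex-escape < > & ' " so that
    // a payload such as "</script>" cannot terminate the script element.
    $json = json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        | JSON_UNESCAPED_UNICODE | JSON_INVALID_UTF8_SUBSTITUTE
    );
    return $json === false ? '""' : $json;
}

// Renders an <input> whose value sits inside a SINGLE-quoted attribute, using a caller-chosen escaper.
function renderInput(string $value, callable $escaper): string
{
    return "<input value='" . $escaper($value) . "'>";
}

function renderScriptVar(string $value): string
{
    return '<script>var s = ' . escapeJs($value) . ';</script>';
}

// Constructed attacker inputs.
$attrPayload   = "x' onmouseover='alert(1)";
$scriptPayload = '</script><script>alert(1)</script>';

// Weak: ENT_COMPAT (the default before PHP 8.1) leaves the single quote alone, so the
// attribute is closed and an event handler is injected.
echo renderInput($attrPayload, fn(string $v) => htmlentities($v, ENT_COMPAT, 'UTF-8')), "\n";

// Hardened: the quote becomes &apos; and the whole payload stays inside the attribute value.
echo renderInput($attrPayload, 'escapeHtml'), "\n";

// Script context: HTML entities are the wrong tool here (the browser does not decode them
// inside <script>); JSON encoding with hex escapes keeps the closing tag inert.
echo renderScriptVar($scriptPayload), "\n";
```

Run it with `php escape_demo.php` and compare the first two lines: the first one contains a live `onmouseover=` attribute, the second does not. The general rule the example demonstrates is that escaping is chosen per output context (element text, attribute value, script, URL), not applied once to the input on the way in.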
Laravel 5 escapes your output with 2 curly braces. 3 braces are unnecessary, and that was a feature from Laravel 4.
Also, if you want to sanitize input from an editor like TinyMCE or something, then HTML Purifier is probably the best method of doing so. There is also a package for it.
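Here is an added example, not from the thread, of what an HTML Purifier allowlist for editor output looks like. It assumes the library is installed with Composer as `ezyang/htmlpurifier` and autoloaded from `vendor/autoload.php`; the tag and attribute allowlist is a choice made for this example and should be narrowed to what your editor actually emits. The sample markup is constructed.

```php
<?php
// Added example (not from the original thread): allowlist-based sanitising of rich-text
// editor output with HTML Purifier. Assumes: composer require ezyang/htmlpurifier
require __DIR__ . '/vendor/autoload.php';

function makePurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // Allowlist, not denylist: anything not named here (script, style, iframe, on* handlers,
    // inline style) is removed. Attributes are listed per element in square brackets.
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,blockquote,a[href|title],img[src|alt]');

    // Only http(s) links and images, so javascript: and data: URLs are rejected.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);

    // Disable the on-disk definition cache for this stand-alone demo; in an app you would
    // instead point Cache.SerializerPath at a writable directory.
    $config->set('Cache.DefinitionImpl', null);

    return new HTMLPurifier($config);
}

function cleanEditorHtml(string $dirty): string
{
    static $purifier = null;
    $purifier ??= makePurifier();
    return $purifier->purify($dirty);
}

// Constructed editor output: legitimate formatting with four injection attempts mixed in.
$dirty = '<p onmouseover="alert(1)">Hello <strong>world</strong></p>'
       . '<a href="javascript:alert(1)" title="t">click</a>'
       . '<img src="x" onerror="alert(1)" alt="pic">'
       . '<script>alert(1)</script>'
       . '<p style="background:url(javascript:alert(1))">styled</p>';

echo cleanEditorHtml($dirty), "\n";
```

Because the configuration is an allowlist, the event-handler attributes, the `javascript:` href, the `style` attribute and the `script` element are all outside what was permitted and are stripped, while the paragraphs, emphasis, image and link markup that the editor legitimately produces survive. Purify at the point where the rich text is accepted (or right before rendering it unescaped), and keep using normal escaping for every other field; HTML Purifier is for content that is meant to contain markup, not a replacement for output escaping.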