Security
Input
Validation
Last updated
2 years ago.
Solution
You could use the helper below to clean any html tags by converting them into their html entity equivalent. You don't need to worry about SQL injection as laravel uses prepared statements. In the newer versions of laravel you can use {{{ your_data }}} when showing the entered data on screen to escape it.
class XssHelper {
public static function cleanInput($data) {
$sanitized = htmlentities($data);
return($sanitized);
}
}
Last updated
9 years ago.
Laravel 5 escapes your output with 2 curly braces. 3 braces is unnecessary, and that was a feature from Laravel 4.
Also, if you want to sanitize input from an editor like tinymce or something, then HTML purifier is probably the best method of doing so. There is also a package for it too.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast