TCS
Reputation: 779
Laravel XSS Attack Protection
I'm using "summernote" rich content editor for inserting content for my website. But I want to make some "XSS protections".
For example If user insert data like;
<p>hi there</p><script>alert("deneme")</script>
I want to show HTML but stop script etc. harmful content.
{!! $find->description !!}}
returns alert dialog. And I want to stop that things.
Whats the resolve of that? How can we make XSS protection?
Upvotes: 0
Views: 1255
Answers (1)
diegopso
Reputation: 457
I think you can use the PHP strip_tags function, which removes unwanted tags. You can whitelist the tags you want present in your output HTML and the other harmful tags will be wiped away.
Would be something like:
{!! strip_tags($find->description, '<p><i><br><strong>...') !!}}
Upvotes: 2
Related Questions
- xss with laravel 5.1
- Codeigniter XSS protection
- How can I allow WYSIWYG editors and disable XSS attacks using Laravel?
- How and where can XSS protection be applied in Laravel?
- How to secure my laravel app from Cross-Site Scripting?
- Laravel: sanitize user input against XSS when HTML tags are allowd
- How to protect ajax requests in Laravel?
- Laravel5 - How to render only html tags not javascript in Blade?
- CakePHP : Prevent XSS attacks
- CakePhp: Avoid XSS attack keeping the ease of use of cake