Any solutions for XSS attacks in a Laravel project?

Hi respected authors, please help me with XSS attacks on my site https://workwisetheme.gambolthemes.net/. How do I solve this XSS attack?

Thank you
Gambolthemes

Are you escaping output using double {{ or outputting unescaped like {!! ?

Yes, this is the main syntax for a Laravel project.

Yes what?
Escaped or unescaped?

Escaped

I don’t think so. If you’re escaping output with {{ you can’t have XSS.

It's true, sir. Two times I have suffered this issue. Any more solutions?

Here is your solution…

Step-1. Create a Middleware inside app/Http/Middleware and name it “XSSProtection”.

Write the function inside the XSSProtection Middleware:

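<?php

namespace App\Http\Middleware;

use Closure;

class XSSProtection
{
    // Filter every string input before the request reaches the controller.
    public function handle($request, Closure $next)
    {
        // array_filter() drops empty values, so only non-empty inputs are rewritten.
        $input = array_filter($request->all());

        array_walk_recursive($input, function (&$value) {
            // Only strings are filtered; uploaded files and other values pass through unchanged.
            if (is_string($value)) {
                // strip_tags() removes tags outside the allow-list; attributes on allowed tags are kept.
                $value = strip_tags(str_replace(array("&lt;", "&gt;"), '', $value), '<span><p><a><b><i><u><strong><br><hr><table><tr><th><td><ul><ol><li><h1><h2><h3><h4><h5><h6><del><ins><sup><sub><pre><address><img><figure><embed><iframe><video><style>');
            }
        });

        $request->merge($input);

        return $next($request);
    }
}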

Step-2. Add this Middleware file inside app/Http/Kernel.php

protected $routeMiddleware = [
    'XSS' => \App\Http\Middleware\XSSProtection::class,
];

Step-3. Now use this Middleware into all of your routes.

Route::middleware(['XSS'])->group(function () {
    // Home Route
    Route::get('/', 'HomeController@index')->name('home');
});

This solution will work with any type of form fields and text-editors as well.
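
An added example, not part of the original answer and not Laravel's own code: the PHP manual notes that strip_tags() does not modify the attributes of the tags it allows, so this stand-alone script runs the answer's filter, Blade-style output escaping, and a stricter attribute-removing filter over the same constructed input for comparison. The function names middlewareFilter, bladeEscape and sanitizeRichText, the shortened tag list and the sample markup are assumptions made for the illustration.

```php
<?php
// Added example, not from the thread; names and sample input are constructed.

// The thread's filter: strip_tags() with a tag allow-list (shortened here).
function middlewareFilter(string $html): string
{
    return strip_tags(str_replace(['&lt;', '&gt;'], '', $html), '<p><b><a><img>');
}

// What Blade's {{ }} does at output time: HTML-encode the value.
function bladeEscape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical stricter filter: same tags, but every attribute is removed
// unless it is href (on a) or src (on img) holding an http(s) URL.
function sanitizeRichText(string $html): string
{
    $keep = ['a' => 'href', 'img' => 'src'];
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // tolerate sloppy user markup
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . middlewareFilter($html) . '</div>');
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0); // the wrapper added above

    foreach (iterator_to_array($root->getElementsByTagName('*')) as $el) {
        foreach (iterator_to_array($el->attributes) as $attr) {
            $ok = ($keep[$el->nodeName] ?? null) === $attr->nodeName
                && preg_match('#^https?://#i', $attr->nodeValue) === 1;
            if (!$ok) {
                $el->removeAttribute($attr->nodeName);
            }
        }
    }

    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed input: allowed tags that carry event-handler attributes.
$input = '<p onmouseover="track()">Hi</p><img src="https://example.test/a.png" onerror="track()">';

echo 'strip_tags filter: ', middlewareFilter($input), PHP_EOL;
echo 'Blade escaping:    ', bladeEscape($input), PHP_EOL;
echo 'attribute filter:  ', sanitizeRichText($input), PHP_EOL;
```

Plain-text fields need only the `{{ }}` escaping; for fields that must store rich text, a maintained sanitizer such as HTML Purifier is a safer choice than a hand-written filter like the one sketched here.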