Any solutions for XSS attacks in a Laravel project?

Hi respected authors, please help me with XSS attacks on my site. How do I solve this XSS attack?

Thank you

Are you escaping output using double {{ or outputting unescaped like {!! ?

Yes, this is the main syntax for a Laravel project.

Yes what?
Escaped or unescaped?


I don’t think so. If you’re escaping output with {{ you can’t have XSS.

It's true, sir. Two times I have suffered this issue. Any more solutions?

Here is your solution…

Step-1. Create a middleware inside app/Http/Middleware and name it “XSSProtection”.

Write the function inside the XSSProtection middleware:


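namespace App\Http\Middleware;

use Closure;

class XSSProtection
{
    public function handle($request, Closure $next)
    {
        // array_filter() drops empty/falsy top-level values before filtering.
        $input = array_filter($request->all());

        array_walk_recursive($input, function (&$input) {
            // Removes literal &lt; / &gt; and every tag not in the allowlist; allowed tags keep their attributes.
            $input = strip_tags(str_replace(array("&lt;", "&gt;"), '', $input), '<span><p><a><b><i><u><strong><br><hr><table><tr><th><td><ul><ol><li><h1><h2><h3><h4><h5><h6><del><ins><sup><sub><pre><address><img><figure><embed><iframe><video><style>');
        });

        // Write the filtered values back; without this the request is passed on unchanged.
        $request->merge($input);

        return $next($request);
    }
}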


Step-2. Add this Middleware file inside app/Http/Kernel.php

protected $routeMiddleware = [
    'XSS' => \App\Http\Middleware\XSSProtection::class,
];

Step-3. Now use this middleware on all of your routes.

Route::middleware(['XSS'])->group(function () {
    // Home Route
    Route::get('/', 'HomeController@index')->name('home');
});

This solution will work with any type of form fields and text-editors as well.
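
Added example, not part of the thread and not any poster's code: a stand-alone PHP script that runs the strip_tags() allowlist filter from the middleware above and the output escaping that Blade's {{ }} applies (htmlspecialchars() through Laravel's e() helper) over the same inputs, so the two can be compared. The function names, the sample inputs and the stillActive() heuristic are constructed for this illustration.

```php
<?php
// Added example. All sample inputs below are constructed.

// Same allowlist as the middleware posted in the thread.
const ALLOWED_TAGS = '<span><p><a><b><i><u><strong><br><hr><table><tr><th><td><ul><ol><li><h1><h2><h3><h4><h5><h6><del><ins><sup><sub><pre><address><img><figure><embed><iframe><video><style>';

// Input filter as written in the middleware: drop literal &lt; / &gt;,
// then strip every tag that is not on the allowlist.
function filterInput(string $value): string
{
    return strip_tags(str_replace(['&lt;', '&gt;'], '', $value), ALLOWED_TAGS);
}

// Output escaping equivalent to Blade's {{ }} (e() wraps htmlspecialchars()).
function escapeOutput(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper, a simplistic heuristic for this demo only: does the
// string still contain a real tag with an inline event handler or a
// javascript: URL, or an iframe/embed/style tag?
function stillActive(string $html): bool
{
    $pattern = '/<[^>]*\s(on\w+\s*=|(href|src)\s*=\s*["\']?\s*javascript:)|<(iframe|embed|style)\b/i';
    return (bool) preg_match($pattern, $html);
}

$samples = [
    'formatting only'           => 'Hello <b>world</b>',
    'tag not on the allowlist'  => '<script>alert(1)</script>',
    'attribute on allowed tag'  => '<img src="x" onerror="alert(1)">',
    'URL scheme on allowed tag' => '<a href="javascript:alert(1)">profile</a>',
];

foreach ($samples as $label => $raw) {
    $filtered = filterInput($raw);
    $escaped  = escapeOutput($raw);
    printf("%s\n", $label);
    printf("  strip_tags filter : %s\n", $filtered);
    printf("    active markup   : %s\n", stillActive($filtered) ? 'yes' : 'no');
    printf("  {{ }} escaping    : %s\n", $escaped);
    printf("    active markup   : %s\n", stillActive($escaped) ? 'yes' : 'no');
}
```

The PHP manual documents that strip_tags() does not modify attributes on the tags allowed through its second argument, which is the behaviour the last two samples exercise.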