Application is insecure problem

Hello

I got an issue from a reviewer but I cannot reproduce it.

Application is insecure: https://envato.d.pr/YYg9rB

I did add an escape function to the search input (https://prnt.sc/u1bbpv)

But the reviewer still says the issue remains: 1. Issue remains: https://envato.d.pr/rDJEop

Our demo url is http://martfury.bookingcore.org/

Please help

You have to sanitize your inputs. Please check your full script carefully. I am sure you will find the code where you need to add the sanitization.

Do you know why the reviewer does not give detailed information about the issue?

Hi

Assuming the reviewer focused on sanitizing your input: to keep yourself safe from XSS, you must sanitize your input. Your application code should never output data received as input directly to the browser without checking it for malicious code.

Thanks

I understand that; that is why I always use {{ }} from Laravel Blade to sanitize the input value (https://prnt.sc/u1bbpv), so it would be helpful if you guys could show me how to reproduce the issue.

That looks OK. I don't think the issue is there. I once had a similar issue, but I found where it was. Please check code that is written like this: {!! !!}

OK, I will check it again.

I agree with @Bad_X, check your blade templates for code like this:

{!! $foo->bar !!}

Someone can inject text like:

<script>alert('XSS');</script>

One solution could be a runtime helper function to strip out the <script> tag:

{!! cleanThisText($foo->bar) !!}
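The following is an added example, not code from any post in this thread or from the theme under review. It puts the two things discussed above side by side in plain PHP: what Blade's {{ }} actually does (it escapes through the e() helper, which is htmlspecialchars() with ENT_QUOTES), and what a "strip the <script> tag" helper like the cleanThisText() suggested above does. The helper name cleanThisText and the search-form markup are assumptions for illustration; the search strings are constructed test inputs.

```php
<?php
declare(strict_types=1);

// Added example for this thread; not code from the original posts or from the theme.
// Contrasts Blade-style escaping with a helper that only strips <script> tags.

// Equivalent of Blade's {{ $value }}: Laravel's e() helper wraps htmlspecialchars()
// with ENT_QUOTES, so <, >, &, " and ' can no longer open a tag or close an attribute.
function escapeLikeBlade(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A helper of the kind suggested at the end of the thread (name is hypothetical):
// removes <script>...</script> blocks and leaves everything else untouched.
function cleanThisText(string $value): string
{
    return (string) preg_replace('#<script\b[^>]*>.*?</script>#is', '', $value);
}

// Two places a shop theme typically echoes the search term back to the page:
// the search box itself (attribute context) and the results heading (text context).
function renderSearch(string $q, callable $filter): string
{
    $shown = $filter($q);
    return '<input type="search" name="q" value="' . $shown . '">' . "\n"
         . '<h2>Results for ' . $shown . '</h2>';
}

// Crude indicator only: any raw <, >, " or ' left in the filtered value can still
// open a tag or break out of the value="..." attribute above.
function stillContainsMarkup(string $filtered): bool
{
    return preg_match('/[<>"\']/', $filtered) === 1;
}

// Constructed search inputs an attacker could submit via ?q=...
$payloads = [
    'plain'  => 'red shoes',
    'script' => '<script>alert(\'XSS\')</script>',
    'img'    => '<img src=x onerror=alert(1)>',               // no <script> tag to strip
    'nested' => '<scr<script></script>ipt>alert(1)</script>',  // removing the inner copy rebuilds the tag
    'attr'   => '" autofocus onfocus=alert(1) x="',            // escapes value="..." without any tag
];

foreach ($payloads as $name => $q) {
    foreach (['cleanThisText', 'escapeLikeBlade'] as $fn) {
        $out = $fn($q);
        printf("%-6s %-16s markup-left=%s\n%s\n\n",
            $name, $fn, stillContainsMarkup($out) ? 'yes' : 'no', renderSearch($q, $fn));
    }
}

// In the theme itself the fix belongs in the template, not in a tag-stripping helper:
//   vulnerable:  <input type="search" name="q" value="{!! $q !!}">
//   fixed:       <input type="search" name="q" value="{{ $q }}">
```

Run it with `php example.php` and compare the two columns: only the escaped variant leaves no markup for any of the inputs, while the stripping helper lets three of the four attack strings through because they never contain a complete `<script>` tag at the moment the regex runs. To find the output points the reviewer is probably hitting, search the theme for every unescaped echo (`grep -rn '{!!' resources/views`) and justify each hit; where HTML genuinely has to be rendered (editor content, not a search term), pass it through an allowlist sanitizer such as HTML Purifier rather than a helper that deletes one tag name.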