Protect a Laravel app from XSS attacks using middleware

This solution works with any type of form field, including text editors, so you no longer need a separate sanitizer or filter package for XSS protection. It acts as a validation and sanitization step that protects Laravel from XSS attacks.

Step-1. Create a middleware inside app/Http/Middleware and name it “XSSProtection”.

Write the handle function inside the XSSProtection middleware:

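<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class XSSProtection
{
    /**
     * Strip every tag that is not on the allow-list from all string inputs.
     */
    public function handle($request, Closure $next)
    {
        // array_filter() drops empty top-level fields, so they stay as submitted.
        $input = array_filter($request->all());

        array_walk_recursive($input, function (&$value) {
            // Only strings are filtered; uploaded files, numbers and booleans pass through.
            if (is_string($value)) {
                // Remove encoded angle brackets, then every tag not in the allow-list.
                $value = strip_tags(str_replace(array("&lt;", "&gt;"), '', $value), '<span><p><a><b><i><u><strong><br><hr><table><tr><th><td><ul><ol><li><h1><h2><h3><h4><h5><h6><del><ins><sup><sub><pre><address><img><figure><embed><iframe><video><style>');
            }
        });

        // Write the filtered values back onto the request.
        $request->merge($input);

        return $next($request);
    }
}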

Step-2. Register this middleware in app/Http/Kernel.php:

protected $routeMiddleware = [
    // ... existing entries ...
    'XSS' => \App\Http\Middleware\XSSProtection::class,
];

Step-3. Now apply this middleware to all of your routes:

Route::middleware(['XSS'])->group(function () {

    // Home Route
    Route::get('/', 'HomeController@index')->name('home');
    // ... remaining routes ...

});

Here you go…
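
An added example (not part of the original article) that runs the middleware's filter expression on constructed input in plain PHP and lists what survives it: strip_tags() does not modify attributes on the tags it is told to allow, so attributes such as onmouseover or href pass through unchanged. The helper names filterInput() and residualAttributes(), the shortened tag list and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not the article's code. ALLOWED is a shortened subset of the
// article's tag list; filterInput() and residualAttributes() are hypothetical
// helper names; $sample is constructed input.
const ALLOWED = '<p><a><b><i><strong><br><img><iframe><style>';

// The middleware's per-value expression, applied only to strings.
function filterInput(array $input): array
{
    array_walk_recursive($input, function (&$value) {
        if (is_string($value)) {
            $value = strip_tags(str_replace(['&lt;', '&gt;'], '', $value), ALLOWED);
        }
    });
    return $input;
}

// List the attributes still present on tags that the filter kept.
function residualAttributes(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML('<div>' . $html . '</div>', LIBXML_NOERROR | LIBXML_NOWARNING);
    $found = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        foreach ($el->attributes as $attr) {
            $found[] = $el->nodeName . '[' . $attr->nodeName . ']';
        }
    }
    return $found;
}

$sample = [
    'title' => 'Hello <script>alert(1)</script>',
    'body'  => '<p onmouseover="track()">Hi</p><a href="javascript:void(0)">x</a>',
    'meta'  => ['age' => 30, 'note' => '&lt;b&gt;bold'],
];

$clean = filterInput($sample);
foreach (['title', 'body'] as $field) {
    $left = implode(', ', residualAttributes($clean[$field])) ?: '(none)';
    printf("%s => %s\n  attributes left: %s\n", $field, $clean[$field], $left);
}
printf("note => %s\n", $clean['meta']['note']);
```

Run it with the php CLI; it needs the DOM extension.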