This solution works with any type of form field, and with text editors as well, so you will no longer be required to use any type of sanitizer or filter package for XSS protection. It works as a validation and sanitization process that protects Laravel from XSS attacks.
Step-1. Create a middleware inside app/Http/Middleware and name it “XSSProtection”.
Write the following inside the XSSProtection middleware:
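<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class XSSProtection
{
    public function handle(Request $request, Closure $next)
    {
        // Drop empty top-level inputs, then filter every remaining value.
        $input = array_filter($request->all());

        array_walk_recursive($input, function (&$value) {
            // Only strings are filtered; uploaded files and other types pass through untouched.
            if (is_string($value)) {
                // Remove entity-encoded angle brackets, then strip every tag not on the allowlist.
                // strip_tags() leaves the attributes of allowed tags unchanged.
                $value = strip_tags(str_replace(array("&lt;", "&gt;"), '', $value), '<span><p><a><b><i><u><strong><br><hr><table><tr><th><td><ul><ol><li><h1><h2><h3><h4><h5><h6><del><ins><sup><sub><pre><address><img><figure><embed><iframe><video><style>');
            }
        });

        // Overwrite the request input with the filtered values.
        $request->merge($input);

        return $next($request);
    }
}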
Step-2. Register this middleware in app/Http/Kernel.php:
protected $routeMiddleware = [
    // ... existing entries ...
    'XSS' => \App\Http\Middleware\XSSProtection::class,
];
Step-3. Now use this middleware on all of your routes.
Route::middleware(['XSS'])->group(function () {
    // Home Route
    Route::get('/', 'HomeController@index')->name('home');
    // ... remaining routes ...
});
Here you go…
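As a check on what the Step-1 filter lets through, the following added example (not the original author's code) runs strip_tags() with the same allowlist over constructed inputs and reports markup that can still execute script or load external content. The names allowlistFilter and remainingRisks and all sample strings are assumptions made for illustration.

```php
<?php
// Added example, not the original author's code. Sample inputs are constructed.

// Same allowlist string as the middleware in Step-1.
const ALLOWED_TAGS = '<span><p><a><b><i><u><strong><br><hr><table><tr><th><td><ul><ol><li>'
    . '<h1><h2><h3><h4><h5><h6><del><ins><sup><sub><pre><address><img><figure><embed>'
    . '<iframe><video><style>';

// The filtering step on its own: strip_tags() drops tags that are not on the
// allowlist but leaves the attributes of allowed tags untouched.
function allowlistFilter(string $value): string
{
    return strip_tags($value, ALLOWED_TAGS);
}

// Hypothetical audit helper: lists what is still able to run script or load
// external content in markup that has already passed the filter.
function remainingRisks(string $html): array
{
    $risks = [];
    if (preg_match('/<[a-z][^>]*\son[a-z]+\s*=/i', $html)) {
        $risks[] = 'event-handler attribute';
    }
    if (preg_match('/<[a-z][^>]*\s(?:href|src)\s*=\s*["\']?\s*javascript:/i', $html)) {
        $risks[] = 'javascript: URL';
    }
    if (preg_match('/<(?:iframe|embed|style)\b/i', $html)) {
        $risks[] = 'embedding or style tag';
    }
    return $risks;
}

$samples = [ // constructed inputs
    'plain bold'       => '<b>hello</b>',
    'script tag'       => '<script>alert(1)</script>',
    'img with handler' => '<img src="x.png" onerror="alert(1)">',
    'link scheme'      => '<a href="javascript:alert(1)">profile</a>',
    'iframe'           => '<iframe src="https://example.test/"></iframe>',
];

foreach ($samples as $label => $raw) {
    $filtered = allowlistFilter($raw);
    $risks    = remainingRisks($filtered);
    // Fields that must never hold markup: encode at output time instead
    // (this is what Blade's {{ }} does via htmlspecialchars()).
    $escaped  = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    printf("%-17s filtered=%s risks=[%s]\n  escaped=%s\n", $label, $filtered, implode(', ', $risks), $escaped);
}
```

Run it with the php command-line interpreter. Rich-text fields that report remaining risks need an attribute-aware HTML sanitizer in addition to the tag allowlist.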