How to Protect XSS using Middleware In Laravel 8 Laravel 9

Sovary September 25, 2022 514
3 minutes read

In this article we will walk through how to implement middleware for XSS protection in Laravel 8. We will use middleware for web security to protect from XSS attack. We will remove HTML tags from filter user input value so they can not exploit you website through XSS. Input sanitization is a security protocol for inspecting, filtering, and sanitizing data input from app users. You can apply this function in Laravel 6, Laravel 7, Laravel 8, and Laravel 9 the different is in Route.php where you have to define in own different version.

What is XSS?

Cross-site scripting (XSS) is a type of web security issue that attacker insert malicious script into a website. This is usually happen in form of browser which not sanitizing HTML tag from the user. The attacker send malicious script to everyone who visited the infected website. The other end user’s browser has no way to know that the script should not be trusted, and will execute the script.

Today I will show you how to protect and implement in Laravel project, so that you will help your visitor as well as your website from XSS attack in Laravel.

Middleware for XSS Protection in Laravel

  • Step 1 - Install Laravel
  • Step 2 - Create Middleware
  • Step 3 - Register Middleware
  • Step 4 - Apply Middleware in Route

Step 1 - Install Laravel

Firstly, we install Laravel so you have to connect to internet and installed via composer. We don't need to store data in database so you may not required configure database connection in this step.

Launch command prompt (cmd), and run command as below

composer create-project laravel/laravel blog

Step 2 - Create Middleware

Now we will create new custom middleware with running command below, so open your terminal and run the command in root Laravel project

php artisan make:middleware XSS

The file will generated automatically, so next we will implement some code to filter out the XSS DOM.

Open file app -> Http -> Middleware -> XSS.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
class XSS
{
    /**
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        $input = $request->all();
        array_walk_recursive($input, function($input) {
            $input = strip_tags($input);
        });
        $request->merge($input);
        return $next;
    }
}

Step 3 - Register Middleware

Then now we will register the middleware in kernel.php.

Open file app -> Http -> Kernel.php

<?php

namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    ....
    /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        ....
        'XSS' => \App\Http\Middleware\XSS::class,
    ];
}

Step 4 - Apply Middleware in Route

This step is final step which to add middleware to the route which want to filter out the HTML tags. For example, I have a blog and allow user to comment below article so I will filter out HTML tags when they view the comment and add new comment. Example below suppose I have create a controller file CommentController.php which can do the function as described.

Open file routes -> web.php

<?php

use Illuminate\Support\Facades\Route;
use App\Http\Middleware\XSS;
use App\Http\Controllers\CommentController;

Route::middleware(['XSS'])->group(function()
{
    Route::get('comment', [CommentController::class,'index']);
    Route::post('comment', [CommentController::class,'store'])->name('comment.save');
});

Thanks for read my article, hope it would guide you and help your project. Have a nice day!

You might also like...

 

Laravel  PHP  Laravel 9  Laravel Middleware 
Author

As the founder and passionate educator behind this platform, I’m dedicated to sharing practical knowledge in programming to help you grow. Whether you’re a beginner exploring Machine Learning, PHP, Laravel, Python, Java, or Android Development, you’ll find tutorials here that are simple, accessible, and easy to understand. My mission is to make learning enjoyable and effective for everyone. Dive in, start learning, and don’t forget to follow along for more tips and insights!. Follow him