Skip to content

Instantly share code, notes, and snippets.

@tonybyng
Forked from kirkbushell/XSSProtection.php
Created August 21, 2017 07:19
Show Gist options
  • Save tonybyng/2242badbbda1236fa62f22febd9f68eb to your computer and use it in GitHub Desktop.
Save tonybyng/2242badbbda1236fa62f22febd9f68eb to your computer and use it in GitHub Desktop.
Laravel 5 XSS protection middleware
class XSSProtection
{
/**
* The following method loops through all request input and strips out all tags from
* the request. This to ensure that users are unable to set ANY HTML within the form
* submissions, but also cleans up input.
*
* @param Request $request
* @param callable $next
* @return mixed
*/
public function handle(Request $request, \Closure $next)
{
if (!in_array(strtolower($request->method()), ['put', 'post'])) {
return $next($request);
}
$input = $request->all();
array_walk_recursive($input, function(&$input) {
$input = strip_tags($input);
});
$request->merge($input);
return $next($request);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment