Hi, in this lecture I am going to show how to sanitize form data in Laravel.

First I will show how to sanitize a single field; then we will create a middleware that sanitizes every field of a request.

First, create a model and a controller and run the migration. After that, go to the controller and paste the code below under the create method:

// At the top of the controller file:
use App\Models\Contact;
use Illuminate\Http\Request;

public function StoreContact(Request $request){
       $request->validate([
           'name'=>'required',
           'phone'=>'required',
       ]);

       Contact::insert([
           'name'=>$request->name,
           'email'=>$request->email,
           'subject'=>$request->subject,
           'phone'=>$request->phone,
           //'message'=>$request->message, // unsanitized: stores whatever HTML the user typed
           'message'=>strip_tags($request->input('message')), // this way you can sanitize the input field
       ]);

       $notification = array(
           'message' => 'Your message has been sent!!',
           'alert-type' => 'success'
       );
       return redirect()->route('contact.me')->with($notification);
}

Your model file Contact.php will look like this:

namespace App\Models;

use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;

class Contact extends Model
{
  use HasFactory;
  protected $guarded=[];
}

Your web.php file will look like this:

use App\Http\Controllers\ProfileController;
use Illuminate\Support\Facades\Route;

use App\Http\Controllers\Home\ContactController;


/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider and all of them will
| be assigned to the "web" middleware group. Make something great!
|
*/

Route::get('/', function () {
   return view('frontend.index');
});

Route::controller(ContactController::class)->group(function(){
   Route::get('/contact','ContactPage')->name('contact.me');
   Route::post('store/message','StoreContact')->name('store.message'); 
});


require __DIR__.'/auth.php';

Now I am going to create the middleware.

How to create an XSS middleware in Laravel

Run the following command to make a middleware:

php artisan make:middleware XssSanitizer

Now you can see a new file at app/Http/Middleware/XssSanitizer.php; put the code below in it.

XssSanitizer.php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class XssSanitizer
{
   public function handle(Request $request, Closure $next)
   {
       // all() also contains uploaded files, so only string values are stripped
       $input = $request->all();

       array_walk_recursive($input, function (&$value) {
           if (is_string($value)) {
               $value = strip_tags($value);
           }
       });

       // write the sanitized values back so the controller sees them
       $request->merge($input);

       return $next($request);
   }
}

Now register the middleware in the app/Http/Kernel.php file by adding the following line to the $routeMiddleware array.

Kernel.php


class Kernel extends HttpKernel
{
   ....

   protected $routeMiddleware = [
       'auth' => \App\Http\Middleware\Authenticate::class,
       ....
       'XssSanitizer' => \App\Http\Middleware\XssSanitizer::class,
   ];
}

Then attach the middleware to the route in web.php:

Route::controller(ContactController::class)->group(function(){
   Route::get('/contact','ContactPage')->name('contact.me');
   Route::post('store/message','StoreContact')->name('store.message')->middleware('XssSanitizer'); 
});

You can also apply the middleware to a whole route group instead of a single route.
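As an added example that is not part of the original post, here is a framework-free PHP script that implements the same recursive strip_tags() walk as the middleware and runs it over a constructed contact-form payload. It assumes nothing beyond plain PHP 8; the function name sanitizeInput and the sample values are my own. It shows two things the middleware code alone does not: non-string values such as uploaded file objects must be skipped because strip_tags() only accepts strings, and strip_tags() leaves characters like quotes intact, so Blade's {{ }} output escaping is still needed when the stored value is rendered.

```php
<?php
// Added example (not from the original post): a framework-free version of the
// middleware's sanitizing walk, so the behaviour of strip_tags() on realistic
// form input can be checked without booting Laravel.
declare(strict_types=1);

/**
 * Walk a (possibly nested) input array and strip HTML tags from every string leaf.
 * Non-string leaves (ints, bools, null, uploaded-file objects) are left untouched:
 * strip_tags() throws a TypeError on objects, and null is deprecated on PHP 8.1+.
 */
function sanitizeInput(array $input): array
{
    array_walk_recursive($input, function (&$value): void {
        if (is_string($value)) {
            $value = strip_tags($value);
        }
    });

    return $input;
}

// Constructed sample payload, shaped like the contact form in the post, plus a
// nested array and non-string values to exercise the edge cases.
$payload = [
    'name'    => 'Alice <b>Smith</b>',
    'email'   => 'alice@example.com',
    'subject' => '<script>alert(1)</script>Hello',
    'message' => 'Quote " and <img src=x onerror=alert(1)> here',
    'tags'    => ['<i>one</i>', 'two'],
    'count'   => 3,
    'avatar'  => new SplFileInfo('/tmp/avatar.png'), // stand-in for an UploadedFile object
];

$clean = sanitizeInput($payload);

// strip_tags() removes complete tags together with their attributes ...
assert($clean['name'] === 'Alice Smith');
assert($clean['subject'] === 'alert(1)Hello');
assert($clean['tags'][0] === 'one');
// ... but leaves characters such as quotes that still need escaping at output time.
assert($clean['message'] === 'Quote " and  here');
// Non-string values pass through unchanged.
assert($clean['count'] === 3);
assert($clean['avatar'] instanceof SplFileInfo);

// Output escaping (what Blade's {{ }} does via htmlspecialchars) is the layer that
// makes the surviving quote harmless inside an HTML attribute; stripping alone is not.
$attrSafe = htmlspecialchars($clean['message'], ENT_QUOTES, 'UTF-8');
assert($attrSafe === 'Quote &quot; and  here');

foreach ($clean as $field => $value) {
    printf("%-8s => %s\n", $field, is_scalar($value) ? (string) $value : get_class($value));
}
```

Run it with php sanitize_demo.php (any file name works); with zend.assertions enabled the asserts document the expected values, and the loop prints the cleaned fields. Two version notes for the registration step above: in Laravel 10 the Kernel array is named $middlewareAliases rather than $routeMiddleware, and in Laravel 11 the middleware alias is registered in bootstrap/app.php instead of Kernel.php.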

Thanks for reading…..
