I’m new to the Laravel community and recently I tried building a small app. During security testing I found that any input with a script element submitted to a form actually executes in real time.
The following are the combinations of input that I have tried so far.
- Foo (Works Correctly)
- Fooalert(1) (Throws an alert window)
<input type="text" name="name">
This is a security issue and I’m looking at possibilities to fix it. I’m sure any data gets sanitized before entering the database, but the issue is with the HTML display.
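An added example, not part of the original post: the display-side problem described above, shown as raw output next to output that is HTML-escaped at render time. The function names and sample values are hypothetical and constructed for illustration; only `htmlspecialchars` is a real PHP function.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: echoes a stored name back into the page unchanged.
// Any markup in $name becomes part of the document and is parsed by the browser.
function renderUnescaped(string $name): string
{
    return '<p>Hello, ' . $name . '</p>';
}

// Escape at output time. ENT_QUOTES encodes both quote styles so the value
// is also safe inside a quoted attribute; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: the same greeting with the value encoded as text.
function renderEscaped(string $name): string
{
    return '<p>Hello, ' . escapeHtml($name) . '</p>';
}

// Hypothetical helper: re-populating the form field from the post with a
// previously submitted value (attribute context, same escaping applies).
function renderInput(string $name): string
{
    return '<input type="text" name="name" value="' . escapeHtml($name) . '">';
}

// Constructed sample inputs: a plain value, a value containing a script
// element, and a benign value with characters that are special in HTML.
$samples = [
    'Foo',
    'Foo<script>alert(1)</script>',
    'Tom & "Jerry"',
];

foreach ($samples as $name) {
    echo "input:     {$name}\n";
    echo 'unescaped: ' . renderUnescaped($name) . "\n";
    echo 'escaped:   ' . renderEscaped($name) . "\n";
    echo 'field:     ' . renderInput($name) . "\n\n";
}
```

In Blade templates, `{{ $name }}` applies this same escaping on output, while `{!! $name !!}` prints the raw value.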