Best way to sanitize Input data to avoid script execution

  laravel, php

Background Information

I’m new to the Laravel community and recently I tried building a small app. During security testing I found that any input containing a script element submitted to a form actually executes in real time.

Example

The following are the combinations of input that I have tried so far.

  • Foo (works correctly)
  • Foo<script>alert(1)</script> (throws an alert window)

The form field involved:

<input type="text" name="name">

This is a security issue and I’m looking at possibilities to fix it. I’m sure any data gets sanitized before entering the database, but the issue is with the HTML display.
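The behaviour described above is an output-encoding problem: the stored value is written back into the page as raw HTML. Below is an added example (not code from the post or from Laravel) showing the unescaped rendering beside a hardened version; the helper names `escapeHtml`, `renderUnsafe` and `renderSafe` are assumptions for this illustration, and the test input is constructed to match the question.

```php
<?php
// Added example, plain PHP with no framework dependency.

// Escape a value for an HTML text or quoted-attribute context. This is the
// same call Laravel's e() helper (used by Blade's {{ }}) makes: ENT_QUOTES
// also encodes ' and ", ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string.
function escapeHtml(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The pattern from the question: the submitted value is concatenated into
// the page unchanged (what a raw echo or Blade's {!! !!} does). Kept only
// for comparison; the browser parses the value as markup.
function renderUnsafe(string $name): string
{
    return '<p>Hello ' . $name . '</p>';
}

// Hardened version: every dynamic value passes through escapeHtml() at the
// point where it is inserted, for element content and attribute values alike.
function renderSafe(string $name): string
{
    $safe = escapeHtml($name);
    return '<p>Hello ' . $safe . '</p>'
         . '<input type="text" name="name" value="' . $safe . '">';
}

// Constructed test input, the same shape as the one in the question.
$input = 'Foo<script>alert(1)</script>';

echo renderUnsafe($input), PHP_EOL; // tag survives, so the browser executes it
echo renderSafe($input), PHP_EOL;   // tag is encoded, so the browser shows text

// Check a reviewer can run: the escaped markup must not contain the raw tag
// from the untrusted value, and must contain its encoded form.
if (strpos(renderSafe($input), '<script') !== false) {
    throw new RuntimeException('raw tag leaked into output');
}
if (strpos(renderSafe($input), '&lt;script&gt;') === false) {
    throw new RuntimeException('expected encoded tag in output');
}
```

In a Blade template the same result comes from writing `{{ $name }}`, which escapes automatically, rather than `{!! $name !!}`, which emits the value raw; escaping must also match the context, since htmlspecialchars() is not sufficient for values placed inside JavaScript or a URL.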

Source: Laravel
