Description

A wrapper of voku/anti-xss for Laravel

Laravel Security

Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core. Feel free to check out the change log, releases, security policy, license, code of conduct, and contribution guidelines.

Installation

Laravel Security requires PHP 7.2-8.1. This particular version supports Laravel 6-8.

| Security | L5.1 | L5.2 | L5.3 | L5.4 | L5.5 | L5.6 | L5.7 | L5.8 | L6 | L7 | L8 |
|----------|------|------|------|------|------|------|------|------|----|----|----|
| 3.7 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
| 4.0 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
| 5.1 | :x: | :x: | :x: | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | :x: | :x: |
| 6.2 | :x: | :x: | :x: | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: |
| 7.1 | :x: | :x: | :x: | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: |
| 8.0 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :white_check_mark: | :x: |
| 9.0 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: |

To get the latest version, simply require the project using Composer:

$ composer require "graham-campbell/security:^9.0"

Once installed, if you are not using automatic package discovery, then you need to register the GrahamCampbell\Security\SecurityServiceProvider service provider in your config/app.php.

You can also optionally alias our facade:

        'Security' => GrahamCampbell\Security\Facades\Security::class,

Configuration

Laravel Security supports optional configuration.

To get started, you'll need to publish all vendor assets:

$ php artisan vendor:publish

This will create a config/security.php file in your app that you can modify to set your configuration. Also, make sure you check for changes to the original config file in this package between releases.

There are two config options:

Evil configuration

This option ('evil') defines the evil attributes and tags, which will always be stripped from the input.

Replacement string

This option ('replacement') defines the replacement string, which will be used to take the place of removed portions of strings where XSS was present.

Usage

Security

This is the class of most interest. It is bound to the ioc container as 'security' and can be accessed using the Facades\Security facade. There is one public method of interest.

The 'clean' method will parse a string removing XSS vulnerabilities, on a best effort basis.

Facades\Security

This facade will dynamically pass static method calls to the 'security' object in the ioc container which by default is the Security class.

SecurityServiceProvider

This class contains no public methods of interest. This class should be added to the providers array in config/app.php. This class will set up ioc bindings.

Further Information

You may see an example of implementation in Laravel Binput.
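As an added example (not code from this package or from Laravel Binput), the 'clean' method described under Usage can be applied to every incoming string through a request middleware. The class name CleanInput and the list of skipped fields are assumptions; the base class is Laravel's own Illuminate\Foundation\Http\Middleware\TransformsRequest.

```php
<?php

namespace App\Http\Middleware;

use GrahamCampbell\Security\Facades\Security;
use Illuminate\Foundation\Http\Middleware\TransformsRequest;

// Hypothetical middleware: the class name and the $except list are
// assumptions made for this example, not part of the package.
class CleanInput extends TransformsRequest
{
    /**
     * Top-level fields passed through untouched. Secrets must not be
     * rewritten, or a password containing markup-like characters would
     * no longer match what the user typed.
     *
     * @var string[]
     */
    protected $except = [
        'password',
        'password_confirmation',
        'current_password',
    ];

    /**
     * Called by TransformsRequest for each non-array value in the query
     * string and request body, including values nested inside arrays.
     *
     * @param string $key
     * @param mixed  $value
     *
     * @return mixed
     */
    protected function transform($key, $value)
    {
        // Leave non-strings (null, int, bool) and excluded fields alone.
        if (! is_string($value) || in_array($key, $this->except, true)) {
            return $value;
        }

        // Best-effort XSS removal; removed portions are replaced with the
        // 'replacement' string configured in config/security.php.
        return Security::clean($value);
    }
}
```

Register the class in the middleware group that handles form input in app/Http/Kernel.php. Because 'clean' works on a best effort basis, keep escaping output in views (Blade's {{ }} syntax) as well.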

Security

If you discover a security vulnerability within this package, please send an email to [email protected]. All security vulnerabilities will be promptly addressed. You may view our full security policy here.

License

Laravel Security is licensed under The MIT License (MIT).

For Enterprise

Available as part of the Tidelift Subscription

The maintainers of graham-campbell/security and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
