XssInput is a screamingly simple extension of Laravel's Input facade that somewhat mimics the XSS filtering of CodeIgniter's input library. In fact, underneath the hood, this package uses an altered form of CodeIgniter's Security library to filter inputs for XSS.
XSS filtering happens in one of two ways: by setting the
xss_filter_all_inputs option in this package's config to
true, or by passing true as the third option to
Input::get() or as the only option for
To install XssInput as a Composer package to be used with Laravel 4, simply add this to your composer.json:
composer update. Once it's installed, you can register the service provider in
app/config/app.php in the
'providers' => array( 'Frozennode\XssInput\XssInputServiceProvider', )
..and change the
Input alias to point to the facade for XssInput:
'aliases' => array( 'Input' => 'Frozennode\XssInput\XssInput' )
You could also, instead of doing this, give the XssInput facade a separate alias.
Then publish the config file with
php artisan config:publish frozennode/xssinput. This will add the file
app/config/packages/frozennode/xssinput/xssinput.php, which you should look at and understand because it's one option long.
It really is screamingly simple. If you've set the global xss filtering to
true, then you can continue using the Input facade as you normally would:
The same goes for getting all inputs:
However, if you don't have global xss filtering on, you can pass in a third parameter to the
Input::get('some_var', null, true);
Or pass in
true to the
If you have global filtering on, you can pass
false in as these parameters to turn off filtering for that particular call to either method.