How To Create Middleware For XSS Protection In Laravel 10?

Hi Dev,

Today now in this post I will I how to create middleware for XSS protection in laravel.

XSS(Cross Site Scripting) protection is a must need in our site because if we do not have XSS protection then our site is not secure.

The XSS filter through we can remove the html tag from our input value and also it's very important to remove html tag for security.

In our laravel application, we can implement it by using the middleware concept in our project.

So here I will show you how to create XSS filter middleware in our laravel application by using the following steps.

First, fire the following command and need to create middleware:

Step 1: Download Laravel

Let us begin the tutorial by installing a new laravel application. if you have already created the project, then skip the following step.

composer create-project laravel/laravel example-app

Step 2: Add Middleware

In this step, We have to create custom middleware in laravel based project. So let’s open your command prompt and run the below command :

php artisan make:middleware XSS

Step 3: Register Middleware

After successfully creating middleware, go to app/http/kernel.php and register your custom middleware here :

app/Http/Kernel.php

<?php

class Kernel extends HttpKernel
{
    protected $routeMiddleware = [
        'XSS' => \App\Http\Middleware\XSS::class,
    ];
}

Step 4: Implement logic In Middleware

Then now, we can see a new file in app/Http/Middleware/XSS.php and then just put the bellow code in our XSS.php file.

app/Http/Middleware/XSS.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class XSS
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        $input = $request->all();
        array_walk_recursive($input, function(&$input) {
            $input = strip_tags($input);
        });
        $request->merge($input);
        return $next($request);
    }
}

Step 5: Add Route

So now we are ready to use XSS middleware in our routes.php file, in bellow routes.php file we can do on that way:

routes/web.php

<?php

use Illuminate\Support\Facades\Route;
use App\Http\Middleware\XSS;
use App\Http\Controllers\TestController;

/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/

Route::group(['middleware' => ['XSS']], function () {
    Route::get('customVali', [TestController::class,'customVali']);
    Route::post('customValiPost', [TestController::class,'customValiPost'])->name('customValiPost');
});

I hope it helps you...