Laravel does not have this xss_clean verification, nor does trim
Laravel does not have this xss_clean verification, nor does trim
If you use Laravel’s Bladetemplate engine, the data entered by the user must be placed inside {{ }} when using variables to output, and the Bladetemplate engine will automatically use escaping (escape) Eliminate the risk of XSS, therefore, there is no need for the so-called xss_clean verification; in addition, if you need to trim the user input data, you can perform the following operations before data verification:
<code>Input::merge(array_map('trim', Input::all()));</code>
1. As mentioned above, by default, Blade's {{ }} statement has been processed by PHP's htmlentities function to avoid XSS attacks;
2. If you use a form, you need to add it in the form On {!! csrf_field() !!}, it will be parsed into <input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">, And this is mandatory. If you don’t add this field to Blade’s form, Laravel will throw an exception.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
