Laravel does not have this xss_clean verification, nor does trim
Laravel does not have this xss_clean verification, nor does trim
If you use Laravel
’s Blade
template engine, the data entered by the user must be placed inside {{ }}
when using variables to output, and the Blade
template engine will automatically use escaping (escape
) Eliminate the risk of XSS
, therefore, there is no need for the so-called xss_clean
verification; in addition, if you need to trim
the user input data, you can perform the following operations before data verification:
<code>Input::merge(array_map('trim', Input::all()));</code>
1. As mentioned above, by default, Blade's {{ }}
statement has been processed by PHP's htmlentities
function to avoid XSS attacks;
2. If you use a form, you need to add it in the form On {!! csrf_field() !!}
, it will be parsed into <input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">
, And this is mandatory. If you don’t add this field to Blade’s form, Laravel will throw an exception.