FrozenNode / XssInput by janhartigan

A simple extension of the Laravel Input facade that mimics CodeIgniter's xss filtering
58,786
41
6
Package Data
Maintainer Username: janhartigan
Maintainer Contact: jan@frozennode.com (Jan Hartigan)
Package Create Date: 2013-11-01
Package Last Update: 2015-04-30
Language: PHP
License: MIT
Last Refreshed: 2024-11-18 03:01:39
Package Statistics
Total Downloads: 58,786
Monthly Downloads: 407
Daily Downloads: 1
Total Stars: 41
Total Watchers: 6
Total Forks: 20
Total Open Issues: 8

XssInput for Laravel

XssInput is a screamingly simple extension of Laravel's Input facade that somewhat mimics the XSS filtering of CodeIgniter's input library. In fact, underneath the hood, this package uses an altered form of CodeIgniter's Security library to filter inputs for XSS.

XSS filtering happens in one of two ways: by setting the xss_filter_all_inputs option in this package's config to true, or by passing true as the third option to Input::get() or as the only option for Input::all().

Composer

To install XssInput as a Composer package to be used with Laravel 4, simply add this to your composer.json:

"frozennode/xssinput": "dev-master"

..and run composer update. Once it's installed, you can register the service provider in app/config/app.php in the providers array:

'providers' => array(
    'Frozennode\XssInput\XssInputServiceProvider',
)

..and change the Input alias to point to the facade for XssInput:

'aliases' => array(
	'Input' => 'Frozennode\XssInput\XssInput'
)

You could also, instead of doing this, give the XssInput facade a separate alias.

Then publish the config file with php artisan config:publish frozennode/xssinput. This will add the file app/config/packages/frozennode/xssinput/xssinput.php, which you should look at and understand because it's one option long.

Usage

It really is screamingly simple. If you've set the global xss filtering to true, then you can continue using the Input facade as you normally would:

Input::get('some_var');

The same goes for getting all inputs:

Input::all();

However, if you don't have global xss filtering on, you can pass in a third parameter to the get() method:

Input::get('some_var', null, true);

Or pass in true to the all() method:

Input::all(true);

If you have global filtering on, you can pass false in as these parameters to turn off filtering for that particular call to either method.