GrahamCampbell / Laravel-Security by graham-campbell

Security Is An Anti-XSS Wrapper For Laravel
1,114,668
241
14
Package Data
Maintainer Username: graham-campbell
Maintainer Contact: hello@gjcampbell.co.uk (Graham Campbell)
Package Create Date: 2013-08-13
Package Last Update: 2024-03-17
Home Page: https://gjcampbell.co.uk
Language: PHP
License: MIT
Last Refreshed: 2024-12-22 15:04:27
Package Statistics
Total Downloads: 1,114,668
Monthly Downloads: 30,255
Daily Downloads: 642
Total Stars: 241
Total Watchers: 14
Total Forks: 29
Total Open Issues: 0

Laravel Security

Laravel Security was created by, and is maintained by Graham Campbell, and is a port of the security class from CodeIgniter 3 for Laravel 5. As of V6.0, the core has been extracted to Security Core. Laravel Security is best used wrapped in my Laravel Binput package. Feel free to check out the change log, releases, license, and contribution guidelines.

Laravel Security

Installation

Laravel Security requires PHP 7.1 - 7.3. This particular version supports Laravel 5.5 - 5.8 only.

To get the latest version, simply require the project using Composer:

$ composer require graham-campbell/security

Once installed, if you are not using automatic package discovery, then you need to register the GrahamCampbell\Security\SecurityServiceProvider service provider in your config/app.php.

You can also optionally alias our facade:

        'Security' => GrahamCampbell\Security\Facades\Security::class,

Configuration

Laravel Security supports optional configuration.

To get started, you'll need to publish all vendor assets:

$ php artisan vendor:publish

This will create a config/security.php file in your app that you can modify to set your configuration. Also, make sure you check for changes to the original config file in this package between releases.

There is one config option:

Evil attributes

This option ('evil') defines the evil attributes and they will be always be removed from the input.

Usage

Security

This is the class of most interest. It is bound to the ioc container as 'security' and can be accessed using the Facades\Security facade. There is one public method of interest.

The 'clean' method will parse a string removing xss vulnerabilities. This parsing is strongly based on the security class from CodeIgniter 3.

Facades\Security

This facade will dynamically pass static method calls to the 'security' object in the ioc container which by default is the Security class.

SecurityServiceProvider

This class contains no public methods of interest. This class should be added to the providers array in config/app.php. This class will setup ioc bindings.

Further Information

You may see an example of implementation in Laravel Binput.

Security

If you discover a security vulnerability within this package, please send an e-mail to Graham Campbell at graham@alt-three.com. All security vulnerabilities will be promptly addressed.

License

Laravel Security is licensed under The MIT License (MIT).

Laravel Security contains code taken from CodeIgniter, also licensed under The MIT License (MIT).