Laravel Security
Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core. Feel free to check out the change log, releases, security policy, license, code of conduct, and contribution guidelines.
Installation
Laravel Security requires PHP 7.2-8.1. This particular version supports Laravel 6-9.
Security | L5.1 | L5.2 | L5.3 | L5.4 | L5.5 | L5.6 | L5.7 | L5.8 | L6 | L7 | L8 | L9 |
---|---|---|---|---|---|---|---|---|---|---|---|---|
3.7 |
|
|
|
|
|
|
|
|
|
|
|
|
4.0 |
|
|
|
|
|
|
|
|
|
|
|
|
5.1 |
|
|
|
|
|
|
|
|
|
|
|
|
6.2 |
|
|
|
|
|
|
|
|
|
|
|
|
7.1 |
|
|
|
|
|
|
|
|
|
|
|
|
8.0 |
|
|
|
|
|
|
|
|
|
|
|
|
9.1 |
|
|
|
|
|
|
|
|
|
|
|
|
To get the latest version, simply require the project using Composer:
$ composer require "graham-campbell/security:^9.1"
Once installed, if you are not using automatic package discovery, then you need to register the GrahamCampbell\Security\SecurityServiceProvider
service provider in your config/app.php
.
You can also optionally alias our facade:
'Security' => GrahamCampbell\Security\Facades\Security::class,
Configuration
Laravel Security supports optional configuration.
To get started, you'll need to publish all vendor assets:
$ php artisan vendor:publish
This will create a config/security.php
file in your app that you can modify to set your configuration. Also, make sure you check for changes to the original config file in this package between releases.
There are two config options:
Evil configuration
This option ('evil'
) defines the evil attributes and tags, which will always be stripped from the input.
Replacement string
This option ('replacement'
) defines the replacement string, which will be used to take the place of removed portions of strings where XSS was present.
Usage
Security
This is the class of most interest. It is bound to the ioc container as 'security'
and can be accessed using the Facades\Security
facade. There is one public method of interest.
The 'clean'
method will parse a string removing XSS vulnerabilities, on a best effort basis.
Facades\Security
This facade will dynamically pass static method calls to the 'security'
object in the ioc container which by default is the Security
class.
SecurityServiceProvider
This class contains no public methods of interest. This class should be added to the providers array in config/app.php
. This class will setup ioc bindings.
Further Information
You may see an example of implementation in Laravel Binput.
Security
If you discover a security vulnerability within this package, please send an email to [email protected]. All security vulnerabilities will be promptly addressed. You may view our full security policy here.
License
Laravel Security is licensed under The MIT License (MIT).
For Enterprise
Available as part of the Tidelift Subscription
The maintainers of graham-campbell/security
and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.