Laravel 9 Create Middleware For XSS Protection Tutorial

Apr 15, 2022 . Admin

Hi Guys,

In this example I will show how to create middleware for XSS protection in Laravel.

XSS (Cross-Site Scripting) protection is a must for our site, because without XSS protection the site is not secure.

With an XSS filter we can strip HTML tags from our input values, and stripping HTML tags is very important for security.

In a Laravel application we can implement this filter with middleware.

Here I will show you how to create an XSS filter middleware in a Laravel application using the following steps.

Step 1: Download Laravel

Let us begin the tutorial by installing a new Laravel application. If you have already created the project, skip this step.

composer create-project laravel/laravel example-app

Step 2: Create Middleware

In this step, we create a custom middleware in the Laravel project. Open your command prompt and run the command below:

php artisan make:middleware XSS

Step 3: Register Middleware

After the middleware has been created, go to app/Http/Kernel.php and register your custom middleware there:

class Kernel extends HttpKernel
{
    protected $routeMiddleware = [
        'XSS' => \App\Http\Middleware\XSS::class, // add alongside the existing entries
    ];
}

Step 4: Implement Logic In Middleware

Now we can see a new file at app/Http/Middleware/XSS.php. Put the code below in the XSS.php file.

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class XSS
{
    /**
     * Handle an incoming request.
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        $input = $request->all();
        // Strip HTML tags from every string value, including nested arrays.
        array_walk_recursive($input, function (&$value) {
            if (is_string($value)) {
                $value = strip_tags($value);
            }
        });
        // Write the cleaned values back; without this the request stays unchanged.
        $request->merge($input);
        return $next($request);
    }
}

Step 5: Create Route

Now we are ready to use the XSS middleware in our routes file. In routes/web.php we can apply it this way:

<?php

use Illuminate\Support\Facades\Route;
use App\Http\Middleware\XSS;
use App\Http\Controllers\TestController;

/*
| Web Routes
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
*/

// Every route in this group passes through the XSS middleware.
Route::group(['middleware' => ['XSS']], function () {
    Route::get('customVali', [TestController::class,'customVali']);
    Route::post('customValiPost', [TestController::class,'customValiPost'])->name('customValiPost');
});
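
The filter logic from Step 4 can be tried outside Laravel. The script below is an added example, not code from the original tutorial: it applies the same recursive strip_tags filtering to constructed sample input (the helper name stripTagsDeep and all sample values are assumptions) and shows that a value with quotes but no tags passes through unchanged, so output still has to be escaped when it is printed.

```php
<?php
// Added example: the Step 4 filter as a plain function, run on constructed input.

/** Recursively strip HTML tags from string values; other types are left alone. */
function stripTagsDeep(array $input): array   // hypothetical helper name
{
    array_walk_recursive($input, function (&$value) {
        if (is_string($value)) {
            $value = strip_tags($value);
        }
    });
    return $input;
}

// Constructed sample request data (not from the original page).
$input = [
    'name'    => '<b>Alice</b>',
    'comment' => 'hi<script>alert(1)</script>',
    'tags'    => ['<i>php</i>', 'laravel'],  // nested arrays are walked too
    'age'     => 30,                           // non-string values
    'bio'     => null,
    'title'   => 'x" data-injected="1',        // quotes, but no tag to strip
];

$clean = stripTagsDeep($input);

$checks = [
    'tags removed, text kept'       => $clean['name'] === 'Alice',
    'script body remains as text'   => $clean['comment'] === 'hialert(1)',
    'nested values filtered'        => $clean['tags'] === ['php', 'laravel'],
    'non-strings preserved'         => $clean['age'] === 30 && $clean['bio'] === null,
    'quotes pass through unchanged' => $clean['title'] === $input['title'],
];
foreach ($checks as $label => $ok) {
    echo ($ok ? 'PASS' : 'FAIL'), "  $label\n";
}

// strip_tags does not encode quotes, so the value must still be escaped where it
// is printed. Blade's {{ }} does this with htmlspecialchars.
$escaped = htmlspecialchars($clean['title'], ENT_QUOTES, 'UTF-8');
echo '<input value="', $escaped, '">', "\n";
```

Run it with the php command-line interpreter; the final line shows the title value with its quotes encoded inside the attribute.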

I hope it helps you...
