Laravel Security In Depth: Escaping Output Safely
[InDepth#3] Let's dive into Escaping Output Safely in your Laravel Apps.
Following on from last week’s Validating User Input security tip, we’re looking at Escaping Output Safely this week. This is our third In Depth email, and like my last In Depth about SQL Injection, I’ve set up a demo site with some challenges for you to explore XSS further. So check that out and have some fun! 😁
As always, let me know if you’ve got any questions or suggestions for topics. Enjoy!
Escaping Output Safely
I said this a few times in the last email, but it’s worth repeating here:
Don’t trust user input. Don’t trust user input. Don’t trust user input.
Users can be crafty and sneaky[1], and if they have malicious intent, they can come up with all sorts of creative and unusual ways to intentionally subvert the behaviour of your applications. Our job as developers is to build a system that prevents these sneaky users from doing the things we don’t want them to do, while still allowing them to do everything we do want them to do.
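To make the "escape on output" side of that rule concrete, here is an added example (not code from the newsletter and not Laravel's own source) that models what Blade does with `{{ }}` versus `{!! !!}`. The `escapeHtml()` function mirrors what Laravel's real `e()` helper does under the hood (a call to `htmlspecialchars()` with `ENT_QUOTES | ENT_SUBSTITUTE` and UTF-8); `render()` is a deliberately tiny stand-in for the Blade compiler, and both names are my own, as is the sample input.

```php
<?php
// Added example: a minimal model of Blade's output escaping.
// escapeHtml() mirrors Laravel's e() helper; render() is a toy template
// engine that escapes by default and only emits raw HTML for {!! !!}.

declare(strict_types=1);

/** Escape a value for safe insertion into HTML text or a quoted attribute. */
function escapeHtml(string $value): string
{
    // ENT_QUOTES escapes both ' and ", so the result is also safe inside a
    // single- or double-quoted attribute. ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences with U+FFFD instead of returning an empty string,
    // which would otherwise silently blank out the whole value.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Stand-in for a Blade template: {{ name }} is escaped, {!! name !!} is raw.
 * Both placeholder forms are handled in a single regex pass so that a
 * substituted value can never be re-scanned as a placeholder itself.
 */
function render(string $template, array $data): string
{
    return preg_replace_callback(
        '/\{!!\s*(\w+)\s*!!\}|\{\{\s*(\w+)\s*\}\}/',
        function (array $m) use ($data): string {
            if ($m[1] !== '') {
                // {!! raw !!}: emitted verbatim. Only ever use this with HTML
                // you generated or sanitised yourself, never with user input.
                return (string) ($data[$m[1]] ?? '');
            }
            // {{ escaped }}: the safe default.
            return escapeHtml((string) ($data[$m[2]] ?? ''));
        },
        $template
    );
}

// Constructed sample input: what a user might type into a "display name" field.
$untrusted = '<script>alert(1)</script>"><b>bold</b>';

// Escaped in element text: the browser shows the literal characters.
echo render('<p>Hello, {{ name }}</p>', ['name' => $untrusted]), PHP_EOL;

// Escaped inside an attribute: the quote is encoded, so the value cannot
// close the attribute early.
echo render('<input value="{{ name }}">', ['name' => $untrusted]), PHP_EOL;

// Raw output, for markup that is already trusted.
echo render('<div>{!! trusted !!}</div>', ['trusted' => '<em>already sanitised</em>']), PHP_EOL;
```

Run it with `php escape-demo.php` and compare the three lines. The point to internalise is the contract, not the regex: escaping is the default, and emitting raw HTML requires an explicit, greppable opt-in (`{!! !!}`) that reviewers can audit. Note also that this escaping is only correct for HTML text and quoted attribute values; a value placed into a `<script>` block, a URL, or an inline style needs encoding appropriate to that context.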
What is Cross-Site Scripting?
Let’s take a look at both: