Level 28
Have you checked the log files to see the actual error message?
Jan 7, 2021
3
Level 1
Error 500 when trying to test input security
¡Hi!
Im having some trouble trying to make sure that all my inputs are secure.
Here's is the problem:
In my Laravel App, users can register and add some social media links to their profile.
Everything works great on my local testing server: When someone put something like this on any input <script>alert('hola');</script>its saves like this: <script>alert('hola');</script>, but never execute the script when i output because of the {{ thing }}, so its working great.
Now im running the App on a real server, and when i input <script>alert('hola');</script>i receive a 500 Internal Server Error and the script stops. All the App files are the same on my local and my server.
If i try to save <b>Hi</b> the app doesnt send error, but when i send <script> something </script>i receive the 500 advice.
Thanks a lot. If you need some code, i will update it.
Level 1
Yes. But there's no log about that error. Im trying something very basic.
Send a POST request to UsersController@store. in the store method im making a dd($request) in the first line and im also getting the same Server error when i try to send <script></script>. Its like something in the server get that srting before anything.
Im not receiving the Laravel 500, im getting the Server one.
Level 1
Sorry for the inconvenience but I was able to fix the problem now. The server comes with a service called ModSecurity that filters some actions and one of them is to prevent the input of tags.
Please or to participate in this conversation.