How to prevent users from doing HTML Injection and changing the ACTION of the Form?

Posted 3 months ago by JoaoHamerski

I have to send an id to my store method, so I put it in the route method {{ route('', ['client_id' => $client->id]) }}, which generates the URL http://localhost:8000/clientes/16/new-item in the action attribute of my form. But I noticed that I can change the id, and the new item is then registered to another user.

Note: I can change it using Chrome's inspect element.

How can I prevent this type of thing?
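The form action is input the browser controls, so the check has to happen on the server when the request arrives. The following is an added example, not code from the post: plain PHP without the framework, assuming each client record carries a hypothetical `owner_id` for the account allowed to add items to it; the function names, the sample data and the edited id 17 are constructed for illustration.

```php
<?php
// Constructed sample data: which account owns which client record (assumed model).
$clients = [
    16 => ['id' => 16, 'owner_id' => 1],
    17 => ['id' => 17, 'owner_id' => 2],
];

// "Before": trusts the client_id taken from the URL, as described in the post.
function storeItemUnchecked(int $clientId, string $name): array
{
    return ['client_id' => $clientId, 'name' => $name];
}

// "After": the id from the URL is only a lookup key; the session decides access.
function storeItemChecked(array $clients, int $authUserId, int $clientId, string $name): array
{
    $client = $clients[$clientId] ?? null;
    if ($client === null) {
        throw new RuntimeException('404 client not found');
    }
    if ($client['owner_id'] !== $authUserId) {
        throw new RuntimeException('403 not allowed for this client');
    }
    return ['client_id' => $client['id'], 'name' => $name];
}

$authUserId = 1; // comes from the server-side session, never from the form

// Form submitted unchanged: /clientes/16/new-item
print_r(storeItemChecked($clients, $authUserId, 16, 'item A'));

// Form action edited in the browser to /clientes/17/new-item
try {
    storeItemChecked($clients, $authUserId, 17, 'item B');
} catch (RuntimeException $e) {
    echo 'rejected: ' . $e->getMessage() . PHP_EOL;
}

// The unchecked version accepts the edited id and writes to client 17.
print_r(storeItemUnchecked(17, 'item B'));
```

In a Laravel application the same ownership check would normally live in a policy or in the form request's `authorize()` method, so it runs before the store method saves anything.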

