When building web applications, always assume that the user is malicious. As such, any time you accept and display user input, sanitize it first. Think of this as the equivalent of throwing their input into a sink filled with soapy water. The goal is to clean that HTML as best as we can. Scrub it down in preparation for display. Script tag? Sorry, but no. Inline styles? See ya. Click event handlers? Hell no.
View the source code for this episode on GitHub.
Published on Jan 2nd, 2018.
Understand.io is used by hundreds of Laravel developers to find and fix errors.
Sign up for a free 14-day trial now.