Laravel XSS Protection Middleware Example

By Hardik Savani November 5, 2023 Category : PHP Laravel

Hey Folks,

Here, I will show you laravel xss protection middleware. If you have a question about laravel xss security then I will give a simple example with a solution. If you have a question about laravel xss filter then I will give a simple example with a solution. This post will give you a simple example of laravel x-xss-protection.

XSS(Cross Site Scripting) protection must need in your site because if you do not XSS protection then your site is not secure. XSS filter through you can remove html tag from your input value and it is very important to remove html tag for security. in your laravel application you can implement by using middleware concept in your project. so how to create XSS filter middleware in your laravel application by using following step.

Types of XSS attacks?

There are three main types of XSS attacks:

  • Reflected XSS, where the malicious script comes from the current HTTP request.
  • Stored XSS, where the malicious script comes from the website's database.
  • DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.

Step 1: Install Laravel

This step is not required; however, if you have not created the laravel app, then you may go ahead and execute the below command:

composer create-project laravel/laravel example-app

Step 2: Create Middleware

In this step, open terminal and run below command to create custom middleware file, so let's run below command:

php artisan make:middleware XSS

Now, it's created new XSS.php file. let's update following code on this file.



namespace App\Http\Middleware;

use Closure;

use Illuminate\Http\Request;

class XSS



* Handle an incoming request.


* @param \Illuminate\Http\Request $request

* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next

* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse


public function handle(Request $request, Closure $next)


$input = $request->all();

array_walk_recursive($input, function(&$input) {

$input = strip_tags($input);



return $next($request);



Step 3: Register Middleware

In this file, we need to register middleware on Kernel.php file. we will call xss of new created middleware. so let's update following file.



namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel




* The application's route middleware.


* These middleware may be assigned to groups or used individually.


* @var array


protected $routeMiddleware = [


'xss' => \App\Http\Middleware\XSS::class,



Step 4: Use Middleware

In this step, we will create one route and show you how to use middleware in route file. so let's open your route file and update following code:



use Illuminate\Support\Facades\Route;

use App\Http\Controllers\RSSFeedController;



| Web Routes



| Here is where you can register web routes for your application. These

| routes are loaded by the RouteServiceProvider within a group which

| contains the "web" middleware group. Now create something great!



Route::group(['middleware' => ['xss']], function () {

Route::get('xss_prevention', [HomeController::class,'xssPrevention']);

Route::post('xss_prevention_data_store', [HomeController::class,'xssPreventionStore'])->name('xssPreventionStore');


Run Laravel App:

All the required steps have been done, now you have to type the given below command and hit enter to run the Laravel app:

php artisan serve

Now, Go to your web browser, type the given URL and view the app output:


I hope it can help you...

Tags :