Simple October CMS Cross Site Scripting Protection plugin that allows you to protect your endpoints from Xss attacks. The plugin is configured through code and does not clutter the administration area with it's own navigation panel.
Installation via Command Line
php artisan plugin:install Tober.Xss
October CMS Cross Site Scripting Protection
1. Publish Config
php artisan vendor:publish --tag="xss-protection-config"
2. Check config and configure
<?php
return [
'middleware' => [
'allow_file_uploads' => true,
'allow_blade_echoes' => false,
'completely_replace_malicious_input' => true,
'terminate_request_on_malicious_input' => true,
'dispatch_event_on_malicious_input' => false,
],
'anti_xss' => [
'evil' => [
'attributes' => null,
'tags' => null,
],
'replacement' => null,
],
'excludedPaths' => [
'/cms',
],
];
3. Use middleware globally (Kernel.php) or on specific routes
\Tober\Xss\Http\Middleware\XssMiddleware::class
-
This plugin has not been reviewed yet.
-