Implement input filter into Laravel3

タグ: Laravel3  

For only security reason, using input filter is old method. Basically escaping output is recommended. So Laravel's HTML and Form classes used e() helper to output content.

e() helpter is htmlentities(). Then Laravel took default protections that mentioned in OWASP's XSS page.

But if you want to do more, or change output, you can implement input filtering easily.

If you put it into specific controller, do so. If want for all controller, so think about using Base_Contoller.

In Laravel, you can make route without controller class by using a closure. So for all URL routes, you can use global before filter in application/routes.php.

For example, if you want to trim() for all input ( Typically many ex-CI/Fuel users wanted :D ) :

Route::filter('before',
    function() {
        Input::replace(array_map( 'trim' ,Input::all()));
    });

It is easy. Right?

Yes, you can use any filter libraries for all / favored input item.