XSS attacks protect
In Filament, when I try adding a script alert to a text input, it shows me the alert in the page. It is dangerous. How can I protect from XSS attacks?
30 Replies
How are you adding a script alert to a text input? Can you clarify?
If you are on about inputting, just use a Laravel Rule on the input to prevent adding it based on the rule.
?
Thank you, my friend.
Must I do it in all fields?
In the rich editor I cannot strip tags (( What will I do then?
if you want to apply for all textinput fields you can do something like this
or create a laravel macro.
I think you can replace some tags if you want to prevent this in the rich editor
Where will I do this?
by panel,
AdminPanelProvider.php
// or YourPanelProvider.php
or AppServiceProvider.php
Thank you, my friend, you saved my time. In the rich editor, must I specify specific tags?
not sure if it is the right way, but it is supposed to work
Yes, I didn't find another solution
Were you getting the alert outside of Filament? I tried to replicate the issue and everything was sanitized properly.
No, I am getting the alert inside Filament
Weird. I never got the alert.
Are any of the fields reactive? Or were you getting it after saving the record?
Yes, a reactive title field
for slug
Can you share the code for your form? I couldn’t replicate it with reactive either. I’m wondering if it’s an issue with your Livewire version.
Either way something odd is going on in your app.
No alert in the demo either.
All that looks ok. So weird.
:(((
Do you have any custom casts on the relationship? You could try upgrading Filament too. You might be on a broken version.
Might help too to know what version of Filament and Livewire you have installed. Can you run
php artisan about
and let us know.
filament 3.x-dev
Livewire is inside Filament, I didn't install it separately
Why are you on 3x-dev?
I upgraded again, it showed 3x dev
Are you using a repository key in your composer.json? It should only be 3.x-dev if you’re using a cloned copy locally or using vcs as a repo.
Definitely something wrong with how you installed if you're seeing that as the version, if it wasn’t intentional.
And you updated the minimum stability to be ‘dev’?
Maybe delete vendor and composer.lock and reinstall.
Other than that I’m out of ideas. But something is definitely off here. And I’m not sure what.
And I can’t replicate the original issue so I’m not confident it’s a Filament thing.
I did it with the app service provider dehydrate, which a friend said. Is it the wrong way?
It’s not wrong to configure fields in a service provider. What’s wrong is that you have to for this use case.
How didn't you get an alert after using a script in a reactive text input?
I typed it in. Blurred the field to trigger the reactivity and no alert.
In another v3 app, typed it into a non reactive field and saved the form and still no alert.
Basically though, if you can’t replicate something in the demo app, https://demo.filamentphp.com, then there’s a good chance that something is off in your app/install.