⚠️ Top 10 Laravel security issues I've found during audits ⚠️

#7 → Cross-Site Scripting (XSS)

Those pesky unescaped Blade tags {!! !!} and Vue's v-html keep popping up in surprising places, letting XSS sneak in. Often through Markdown... 😉 The difference matters: {{ }} runs the value through htmlspecialchars, while {!! !!} and v-html hand the string to the browser as live HTML, so any user-controlled value that reaches them is an injection point.

This was an unsurprising entry in the top 10, but probably a lot lower than you were expecting!

I find XSS in less than half the sites I audit, usually on a single route that has been overlooked, or where formatting/markdown is supported.
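As an added example (not code from the original post, and not Laravel's own code), here is a stand-alone PHP 8 script showing both halves of the problem above: what Blade's {{ }} does to a payload versus {!! !!}, and what to do with HTML that came out of a Markdown renderer before it is allowed anywhere near {!! !!}. It needs only ext-dom; the function names, the allowlist and the sample "bio"/rendered-Markdown inputs are all constructed for the demo.

```php
<?php
// Added example, not code from the original post or from Laravel. Stand-alone PHP 8,
// needs only ext-dom (bundled by default). Names and the sample inputs are constructed.

// 1. What Blade's {{ $value }} does: Laravel's e() helper is essentially this call.
function escape_like_blade(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 2. What to do before {!! $html !!} when the HTML came from Markdown or an editor:
//    parse it, keep only an allowlist of elements/attributes, reject unsafe URL schemes.
const ALLOWED_TAGS  = ['p', 'br', 'strong', 'em', 'code', 'pre', 'ul', 'ol', 'li', 'blockquote', 'a'];
const ALLOWED_ATTRS = ['a' => ['href']];

function is_safe_href(string $url): bool
{
    // Browsers ignore control chars and whitespace inside a scheme ("java\tscript:"),
    // so strip them before looking at it. DOM parsing already decoded entities such
    // as &colon;, which is why this runs on the parsed attribute, not on the raw string.
    $normalized = strtolower(preg_replace('/[\x00-\x20]+/', '', $url));
    if (!preg_match('#^([a-z][a-z0-9+.\-]*):#', $normalized, $m)) {
        return true; // no scheme: a relative URL
    }
    return in_array($m[1], ['http', 'https', 'mailto'], true);
}

function clean_children(DOMNode $parent): void
{
    // Copy the list first: removing nodes while iterating a live NodeList skips siblings.
    foreach (iterator_to_array($parent->childNodes) as $child) {
        if ($child instanceof DOMText) {
            continue; // text is serialized with < > & escaped by saveHTML()
        }
        if (!$child instanceof DOMElement || !in_array(strtolower($child->tagName), ALLOWED_TAGS, true)) {
            // Comments, <script>, <img>, <iframe>, <svg>, ... are dropped together with their content.
            $parent->removeChild($child);
            continue;
        }
        $tag = strtolower($child->tagName);
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->name);
            $keep = in_array($name, ALLOWED_ATTRS[$tag] ?? [], true)
                && !($name === 'href' && !is_safe_href($attr->value));
            if (!$keep) {
                $child->removeAttribute($attr->name); // kills onerror=, onclick=, style=, javascript: hrefs
            }
        }
        if ($tag === 'a') {
            $child->setAttribute('rel', 'noopener noreferrer');
        }
        clean_children($child);
    }
}

function sanitize_html_fragment(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // tolerate the tag soup attackers send
    // The XML prolog makes libxml read the fragment as UTF-8; the <div> wrapper
    // gives us one node whose children we can serialize back out afterwards.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();

    $wrapper = $doc->getElementsByTagName('div')->item(0); // outermost div = our wrapper
    clean_children($wrapper);

    $out = '';
    foreach ($wrapper->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed attacker input (say, a profile "bio" field).
$bio = '<img src=x onerror="alert(document.cookie)"> "Hi"';
echo escape_like_blade($bio), PHP_EOL;   // what {{ $bio }} emits: inert text
echo $bio, PHP_EOL;                       // what {!! $bio !!} emits: runs in every viewer's browser

// Constructed output of a permissive Markdown renderer that passes raw HTML and links through.
$rendered = '<p>Hello <strong>world</strong> <a href="javascript:alert(1)">click</a> '
          . '<a href="https://example.com" onclick="steal()">ok</a> <img src=x onerror=alert(1)></p>'
          . '<script>alert(2)</script><!-- leak -->';
// Safe to hand to {!! !!}: only allowlisted tags, no event handlers, no javascript: href.
echo sanitize_html_fragment($rendered), PHP_EOL;
```

Two practical notes. In Laravel itself, Str::markdown() accepts CommonMark options, and passing 'html_input' => 'strip' and 'allow_unsafe_links' => false closes the raw-HTML and javascript: link holes at the renderer rather than after it; the allowlist walker above is the general technique for any HTML you did not generate yourself, and in production you would reach for a maintained purifier library rather than a 40-line script. A cheap audit check for the "single overlooked route" case is to grep the codebase for {!! and v-html and trace each hit back to where the value originates.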

More info: larasec.substack.com/p/in-depth-escapin…

In Depth: Escaping Output Safely
Let's dive into Escaping Output Safely in your Laravel apps. Learn about Cross-Site Scripting (XSS), how to handle unescaped output safely, and explore interactive XSS demos.