⚠️ Top 10 Laravel security issues I've found during audits ⚠️

#7 → Cross-Site Scripting (XSS)

Those pesky unescaped Blade tags `{!! !!}` and Vue's `v-html` keep popping up in surprising places, letting XSS sneak in. Often through Markdown... 😉

This was an unsurprising entry in the top 10, but probably a lot lower than you were expecting!

I find XSS in less than half the sites I audit, usually on a single route that has been overlooked, or where formatting/markdown is supported.
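To make the difference concrete, here is an added example (my own demo code, not from the original post or from Laravel itself). It assumes a Laravel 9+ application, where `Blade::render()` compiles an inline template string and `Str::markdown()` passes its options array straight to league/commonmark 2.x; the route name, the `$untrusted` payload and the Markdown text are constructed for the demo. It renders the same attacker-controlled string through `{{ }}` and `{!! !!}`, then shows why Markdown output needs `html_input => 'strip'` before it is ever a candidate for the unescaped tag.

```php
<?php
// Added example: drop into routes/web.php of a Laravel 9+ app and visit /xss-demo.
// Assumes Blade::render() (Laravel 9+) and league/commonmark 2.x options.

use Illuminate\Support\Facades\Blade;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Str;

Route::get('/xss-demo', function () {
    // Constructed attacker-controlled input, e.g. a user's profile "bio" field.
    $untrusted = '<img src=x onerror="alert(1)">';

    // {{ }} runs the value through e(), i.e. htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE),
    // so the browser shows the tag as literal text.
    $escaped = Blade::render('<p>{{ $bio }}</p>', ['bio' => $untrusted]);

    // {!! !!} emits the value verbatim; the onerror handler would fire in a browser.
    $unescaped = Blade::render('<p>{!! $bio !!}</p>', ['bio' => $untrusted]);

    // The Markdown case: {!! !!} is "needed" to show the generated HTML, but
    // CommonMark's default html_input is 'allow', so raw HTML and javascript: links
    // inside the Markdown pass straight through to the page.
    $markdown = "Hello **world**\n\n" . $untrusted . "\n\n[click](javascript:alert(1))";

    $markdownDefault = Str::markdown($markdown);

    // Strip (or 'escape') raw HTML and refuse unsafe link schemes before rendering.
    $markdownSafe = Str::markdown($markdown, [
        'html_input'         => 'strip',
        'allow_unsafe_links' => false,
    ]);

    // Returned as JSON so the four strings can be compared side by side
    // without any of them executing in the browser.
    return response()->json([
        'escaped'          => $escaped,          // &lt;img src=x onerror=...&gt;
        'unescaped'        => $unescaped,        // live <img ... onerror=...> tag
        'markdown_default' => $markdownDefault,  // still contains the <img> and javascript: link
        'markdown_safe'    => $markdownSafe,     // <img> stripped, unsafe href removed
    ]);
});
```

The audit check that follows from this is mechanical: grep the views for `{!! ` and the Vue components for `v-html`, and for each hit trace the variable back to where it was produced. Only output that has been sanitised on the server (the `markdown_safe` path above) should reach an unescaped tag; anything else goes back to `{{ }}`.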

More info:

In Depth: Escaping Output Safely

Apr 15, 2023 at 11:54 AM