⚠️ Top 10 Laravel security issues I've found during audits ⚠️
#7 → Cross-Site Scripting (XSS)
Those pesky unescaped Blade tags {!! !!} and Vue's v-html keep popping up in surprising places, allowing for XSS to sneak in. Often through Markdown... 😉
This was an unsurprising entry in the top 10, but probably a lot lower than you were expecting!
I find XSS in less than half the sites I audit, usually on a single route that has been overlooked, or where formatting/Markdown is supported.
Let's dive into Escaping Output Safely in your Laravel apps. Learn about Cross-Site Scripting (XSS), how to handle unescaped output safely, and explore interactive XSS demos.
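
The Markdown case mentioned above, as an added example that is not from the original post: user-supplied Markdown converted with Laravel's Str::markdown() and then printed through {!! !!}, first with default options and then with raw HTML and unsafe link schemes disabled. It assumes a Laravel application with league/commonmark installed (run it in `php artisan tinker` or a route closure); the function names and the sample comment are constructed for illustration.

```php
<?php
// Added example, not the post author's code.
// Assumes a Laravel app (illuminate/support with league/commonmark available).

use Illuminate\Support\Str;

// Constructed sample input: a user comment with inline HTML and a javascript: link.
$comment = <<<'MD'
**Nice post!** <script>alert('xss')</script>

[click me](javascript:alert('xss'))
MD;

// Risky: with default options the converter passes raw HTML and any link
// scheme straight through. Printing the result with {!! $html !!} in Blade
// (or binding it to v-html in Vue) puts that markup into the page as-is.
function renderCommentUnsafe(string $markdown): string
{
    return Str::markdown($markdown);
}

// Hardened: strip raw HTML from the input and refuse unsafe link schemes,
// so the converter's output is the only markup that reaches the page.
function renderCommentSafe(string $markdown): string
{
    return Str::markdown($markdown, [
        'html_input' => 'strip',
        'allow_unsafe_links' => false,
    ]);
}

$unsafe = renderCommentUnsafe($comment);
$safe   = renderCommentSafe($comment);

// Quick checks to run against both renderings.
var_dump(str_contains($unsafe, '<script>'));   // raw tag present in the default output?
var_dump(str_contains($safe, '<script>'));     // raw tag present after stripping?
var_dump(str_contains($safe, 'javascript:'));  // unsafe scheme present after filtering?

// In the Blade view:
//   {{ $comment }}   plain text, always escaped by Blade
//   {!! $safe !!}    only for HTML produced by renderCommentSafe()
```

Anything that is not meant to carry formatting should stay on `{{ }}`, which escapes by default; reserve `{!! !!}` and `v-html` for output that has gone through a conversion step like the hardened one.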