First, we will create a folder /app/Common. In this directory, we will place a Utility.php file containing our custom class with the methods needed to clean user input. The utility runs strip_tags() over every key and value the user submits, including nested arrays.


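    <?php

    namespace App\Common;

    use Illuminate\Support\Facades\Input;

    class Utility {

        // Strip tags from every request input value and write the result back.
        public static function stripXSS()
        {
            $sanitized = static::cleanArray(Input::get());
            // Replace the request input with the cleaned copy; without this
            // the sanitized array would be discarded.
            Input::merge($sanitized);
        }

        // Recursively strip HTML/PHP tags from the keys and values of an array.
        public static function cleanArray($array)
        {
            $result = array();
            foreach ($array as $key => $value) {
                $key = strip_tags($key);
                if (is_array($value)) {
                    $result[$key] = static::cleanArray($value);
                } else {
                    $result[$key] = trim(strip_tags($value)); // Remove trim() if you want to.
                }
            }
            return $result;
        }
    }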

Now we can use it in any controller action that handles a form submission and saves data to our database. For example:


    <?php

    use App\Common\Utility;
    use Illuminate\Http\Request;
    use App\Http\Controllers\Controller;

    class SomeController extends Controller {
        // some code...
        protected function saveForm(Request $request) {

            Utility::stripXSS(); // This will clean input
            // rest of your validation code goes below...
        }
    }
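
The following standalone script is an added example, not part of the original utility. It applies the same strip_tags() cleaning to a constructed input array and shows that a value containing no tags passes through unchanged, so it still has to be encoded when written into HTML. The function escapeForHtml() and the sample input are assumptions made for illustration.

```php
<?php
// Added example: standalone copy of the page's cleaning logic, no Laravel needed.

function cleanArray(array $array): array
{
    $result = [];
    foreach ($array as $key => $value) {
        $key = strip_tags((string) $key);
        $result[$key] = is_array($value)
            ? cleanArray($value)
            : trim(strip_tags((string) $value));
    }
    return $result;
}

// Hypothetical helper: encode a cleaned value where it is written into HTML.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed form input (not real traffic).
$input = [
    'name'    => '  <b>Alice</b> ',
    'comment' => '<script>alert(1)</script>hello',
    'tags'    => ['<i>php</i>', 'laravel'],
    // Contains no tag at all, so strip_tags() has nothing to remove.
    'website' => 'x" onmouseover="alert(1)',
];

$clean = cleanArray($input);
print_r($clean);

// The cleaned value is identical to the submitted one and still carries a quote.
var_dump($clean['website'] === $input['website']);

// Placed into an attribute as-is, the quote ends the attribute value early.
$unencoded = '<input name="website" value="' . $clean['website'] . '">';
// Encoded at output, the quote becomes &quot; and stays inside the value.
$encoded = '<input name="website" value="' . escapeForHtml($clean['website']) . '">';

echo $unencoded, PHP_EOL;
echo $encoded, PHP_EOL;
```

In Blade templates, `{{ $value }}` applies this encoding automatically, while `{!! $value !!}` prints the value raw.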

Credits: This utility is based on work of I just made it compatible with 5.2.
