Xss attacks protect

T

toeknee•8/21/23, 2:31 PM

How are you adding a script alert to a text input? Can you clarify

T

toeknee•8/21/23, 2:32 PM

If you are on about inputting, just use a Laravel Rule on the input to prevent adding it based on the rule.

T

toghrulcalalliOP•8/21/23, 4:20 PM

Ttoghrulcalalli In filament when i try adding script alert to text input it show me alert in pag...

L

LeandroFerreira•8/21/23, 7:21 PM

->dehydrateStateUsing(fn (string $state): string => strip_tags($state))

->dehydrateStateUsing(fn (string $state): string => strip_tags($state))

->dehydrateStateUsing(fn (string $state): string => strip_tags($state))

->dehydrateStateUsing(fn (string $state): string => strip_tags($state))

?

LLeandroFerreira ```php ->dehydrateStateUsing(fn (string $state): string => strip_tags($state)) `...

T

toghrulcalalliOP•8/21/23, 7:21 PM

thank you my friend.

T

toghrulcalalliOP•8/21/23, 7:21 PM

must i do it in all fields?

T

toghrulcalalliOP•8/21/23, 7:22 PM

in rich editor i cannot strip tags(( what will i do then?

Ttoghrulcalalli must i do it in all fields?

L

LeandroFerreira•8/21/23, 7:27 PM

if you want to apply for all textinput fields you can do something like this

return $panel
    ->bootUsing(function () {
        TextInput::configureUsing(function (TextInput $input) {
            $input->dehydrateStateUsing(fn (string $state): string => strip_tags($state));
        });
    })

return $panel
    ->bootUsing(function () {
        TextInput::configureUsing(function (TextInput $input) {
            $input->dehydrateStateUsing(fn (string $state): string => strip_tags($state));
        });
    })

return $panel
    ->bootUsing(function () {
        TextInput::configureUsing(function (TextInput $input) {
            $input->dehydrateStateUsing(fn (string $state): string => strip_tags($state));
        });
    })

return $panel
    ->bootUsing(function () {
        TextInput::configureUsing(function (TextInput $input) {
            $input->dehydrateStateUsing(fn (string $state): string => strip_tags($state));
        });
    })

or create a laravel macro.
I think you can replace some tags If you want to prevent this in the rich editor

LLeandroFerreira if you want to apply for all textinput fields you can do something like this ```...

T

toghrulcalalliOP•8/21/23, 7:28 PM

where will i do this?

Ttoghrulcalalli where will i do this?

L

LeandroFerreira•8/21/23, 7:31 PM

by panel,

AdminPanelProvider.php

AdminPanelProvider.php

AdminPanelProvider.php

AdminPanelProvider.php // or

YourPanelProvider.php

YourPanelProvider.php

YourPanelProvider.php

YourPanelProvider.php

or

AppServiceProvider.php

AppServiceProvider.php

AppServiceProvider.php

AppServiceProvider.php

public function boot(): void
{
    TextInput::configureUsing(function (TextInput $input) {
        $input->dehydrateStateUsing(fn (string $state): string => strip_tags($state));
    });
}

public function boot(): void
{
    TextInput::configureUsing(function (TextInput $input) {
        $input->dehydrateStateUsing(fn (string $state): string => strip_tags($state));
    });
}

public function boot(): void
{
    TextInput::configureUsing(function (TextInput $input) {
        $input->dehydrateStateUsing(fn (string $state): string => strip_tags($state));
    });
}

public function boot(): void
{
    TextInput::configureUsing(function (TextInput $input) {
        $input->dehydrateStateUsing(fn (string $state): string => strip_tags($state));
    });
}

T

toghrulcalalliOP•8/21/23, 7:48 PM

thank you my friend you saved my time. in rich editor i must spesify spesific tags?

Ttoghrulcalalli thank you my friend you saved my time. in rich editor i must spesify spesific ta...

L

LeandroFerreira•8/21/23, 7:57 PM

not sure if it is the right way, but it is supposed to work

T

toghrulcalalliOP•8/21/23, 8:10 PM

yes i didnt find other solution

A

awcodes•8/21/23, 9:59 PM

We’re you getting the alert outside of filament. I tried to replicate the issue and everything was sanitized properly.

T

toghrulcalalliOP•8/21/23, 10:01 PM

no i am getting alert inside filament

A

awcodes•8/21/23, 10:03 PM

Weird. I never got the alert.

A

awcodes•8/21/23, 10:04 PM

Are any of the fields reactive? Or were you getting it after saving the record.

T

toghrulcalalliOP•8/21/23, 10:06 PM

yes reactive title field

T

toghrulcalalliOP•8/21/23, 10:06 PM

for slug

A

awcodes•8/21/23, 10:10 PM

Can you share the code for your form. I couldn’t replicate it with reactive either. I’m wondering if it’s an issue with your livewire version.

A

awcodes•8/21/23, 10:10 PM

Either way something odd is going on in your app.

A

awcodes•8/21/23, 10:13 PM

No alert in the demo either.

T

toghrulcalalliOP•8/21/23, 10:13 PM

A

awcodes•8/21/23, 10:21 PM

All that looks ok. So weird.

T

toghrulcalalliOP•8/21/23, 10:30 PM

:(((

A

awcodes•8/21/23, 10:36 PM

Do you have an custom casts on the relationship.? You could try upgrading filament too. You might be on a broken version.

A

awcodes•8/21/23, 10:38 PM

Might help too to know what version of filament and livewire you have installed. Can you run

php artisan about

php artisan about

php artisan about

php artisan about and let us know.

T

toghrulcalalliOP•8/21/23, 10:40 PM

filament 3.x-dev

T

toghrulcalalliOP•8/21/23, 10:41 PM

livewire inside filament i didnt install seperately

A

awcodes•8/21/23, 10:47 PM

Why are you on 3x-dev

T

toghrulcalalliOP•8/21/23, 10:49 PM

i upgraded again shown 3x dev

A

awcodes•8/21/23, 10:53 PM

Are you using a repository key in your composer.json. It should only be 3.x-dev if you’re using a cloned copy locally or using vcs as a repo.

T

toghrulcalalliOP•8/21/23, 10:55 PM

A

awcodes•8/21/23, 10:55 PM

Definitely something wrong with how you installed of your seeing that as the version of it wasn’t intentional.

A

awcodes•8/21/23, 10:56 PM

And you updated the minimum stability to be ‘dev’?

A

awcodes•8/21/23, 10:57 PM

Maybe delete vendor and composer.lock and reinstall.

A

awcodes•8/21/23, 10:57 PM

Other than that I’m out of ideas. But something is definitely off here. And I’m not sure what.

A

awcodes•8/21/23, 10:58 PM

And I can’t replicate the original issue so I’m not confident it’s a Filament thing.

T

toghrulcalalliOP•8/21/23, 10:58 PM

i did it with app service provide dehydrate which friend said. is it wrong way?

A

awcodes•8/21/23, 10:59 PM

It’s not wrong to configure fields in a service provider. What’s wrong is that you have too for this use case.

T

toghrulcalalliOP•8/21/23, 11:02 PM

how didnt you get alert after use script in reactive text input

A

awcodes•8/21/23, 11:28 PM

I typed it in. Blurred the field to trigger the reactively and no alert.

A

awcodes•8/21/23, 11:29 PM

In another v3 app, typed it into a non reactive field and saved the form and still no alert.

A

awcodes•8/21/23, 11:30 PM

Basically though if you can’t replicate something in the demo app. https://demo.filamentphp.com then there’s a good chance that something is off in your app/install.

Xss attacks protect

Similar Threads

Similar Threads

Similar Threads