Hi,
I created something like below. If I enter alert("security flaw!!!!!")
between script tags in my input, I get the javascript alert on my browser. Is it normal or is there something missing in my snippet? I just started learning Laravel.
routes.php
Route::post('settings/generalsettings/changedata', 'UserSettingsController@changeData');
usetSettingsController.php
namespace App\Http\Controllers;
use App\User;
use App\Http\Controllers\Controller;
use Input;
class UserSettingsController extends Controller
{
public function changeData()
{
$variable = Input::get('name99');
echo $variable;
}
}
generalSettings.blade.php
<!DOCTYPE html>
<html>
<head>
<title></title>
<meta charset="utf-8">
<link rel="stylesheet" href=""/>
<meta name="csrf-token" content="{{ csrf_token() }}">
</head>
<body>
<input id="name" type="text" placeholder="Enter your name">
<input type="submit" id="sub">
<div id="result"></div>
<script src="/js/jquery-2.1.4.js"></script>
<script type="text/javascript">
$(document).ready(function () {
// set up jQuery with the CSRF token, or else post routes will fail
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
}); // handlers
$("#sub").click(function (y) {
y.preventDefault();
var user_name = $('#name').val();
$.post(
"/settings/generalsettings/changedata",
{
name99: user_name
},
function (data) {
$('#result').hide().html(data).fadeIn(2000);
});
});
});
</script>
</body>
</html>