
Securing Modals And Forms In Blade Engine Laravel

- 1 answer

How do you secure modal data from being exposed in a Blade template? Just wondering how I can protect my modal form from exposing e.g. route, IDs, etc. When I inspect element or view page source, it reveals the whole form, including the IDs and values of the inputs. Below is an example. If you have any known article that I could read about this matter, I'd appreciate it if you share. Thanks.

Output From View Page Source: [image]

Modal View

@if(count($editor)==1)
<form method="POST" action="{{route('edit.member',$member->pivot->token)}}">
@csrf
@method('PUT')
<div class="modal fade EditMemberModal" id="EditMemberModal" tabindex="-1" role="dialog" aria-labelledby="exampleModalLabel" aria-hidden="true">
  <div class="modal-dialog" role="document">
    <div class="modal-content">
      <div class="modal-header">
        <h5 class="modal-title" id="exampleModalLabel">Edit Role</h5>
        <button type="button" class="close" data-dismiss="modal" aria-label="Close">
          <span aria-hidden="true">&times;</span>
        </button>
      </div>
      <div class="modal-body">
          <div class="form-group">
            <div class="input-group mb-3">
              <div class="input-group-prepend">
                <span class="input-group-text">Current Role</span>
              </div>
              <input type="text" class="form-control" id="role" disabled>
            </div>
            <div class="input-group mb-3">
             <div class="input-group-prepend">
               <label class="input-group-text" for="inputGroupSelect01">New Role</label>
             </div>
             <select class="custom-select" id="inputGroupSelect01" name="role">
               <option value="member">Member</option>
               <option value="editor">Editor</option>
             </select>
           </div>
            <input type="hidden" class="form-control" id="user" name="user_id">
            <input type="hidden" class="form-control" id="group" name="group_id">
          </div>
      </div>
      <div class="modal-footer">
        <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
        <button type="submit" class="btn btn-primary">Save changes</button>
      </div>
    </div>
  </div>
</div>
</form>    
@endif
<!--===========================Edit Modal For Members==========================-->

Answer

As mentioned in the comments, you cannot hide anything that you are using to populate your blade templates.

Once generated by the server and sent to the client, the client can do what they want with your template. This includes changing the names of your input fields, values of hidden input fields & the path of your form action.

What you should focus on is form validation, both on your HTML form and, more importantly, server-side.

Laravel ships with a Validator and has the ability to create custom Request objects.

Documentation can be found in the Laravel documentation here

If you want to go even further, alias your input fields as mentioned by @Jeremy Harris. You can then map them to your database columns in your Controllers.
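
The server-side checks the answer recommends, as an added example (not code from the original post or answer): a Form Request for the `edit.member` route that whitelists `role` and authorizes against the database row instead of the hidden `user_id`/`group_id` fields. The `group_user` table, its `token` and `role` columns, the `{token}` route parameter name, and the class and method names are assumptions.

```php
<?php
// Added example: table, column, parameter and class names are assumed, not from the post.

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\DB;
use Illuminate\Validation\Rule;

class UpdateMemberRoleRequest extends FormRequest
{
    // Membership row addressed by the {token} route parameter (name assumed).
    public function membership(): ?object
    {
        return DB::table('group_user')               // assumed pivot table
            ->where('token', $this->route('token'))
            ->first();
    }

    // Only an editor of the same group may change a role. The group comes from
    // the server-side row, never from the hidden group_id field in the form.
    public function authorize(): bool
    {
        $target = $this->membership();
        if ($target === null || $this->user() === null) {
            return false;                            // unknown token or guest: 403
        }
        return DB::table('group_user')
            ->where('group_id', $target->group_id)
            ->where('user_id', $this->user()->id)
            ->where('role', 'editor')
            ->exists();
    }

    // The <select> can be edited in dev tools, so whitelist its values here.
    public function rules(): array
    {
        return ['role' => ['required', 'string', Rule::in(['member', 'editor'])]];
    }

    // Apply the change; user_id and group_id from the request are never read.
    public function apply(): int
    {
        return DB::table('group_user')
            ->where('token', $this->route('token'))
            ->update(['role' => $this->validated()['role']]);
    }
}
```

Type-hinting this class in the controller action makes Laravel run `authorize()` and `rules()` before the action body executes, so a tampered form is rejected with a 403 or a validation error.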

source: stackoverflow.com