Event improvement

protonemedia · Feb 2, 2022 · b275c47 · b275c47
1 parent 2d21955
commit b275c47
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -81,7 +81,18 @@ Instead of transforming malicious input, you may configure the middleware to ter
 
 ### Dispatch event
 
-You may configure the middleware to dispatch an event whenever malicious input has been found. Setting the `middleware.dispatch_event_on_malicious_input` to `true` will dispatch an `ProtoneMedia\LaravelXssProtection\Events\MaliciousInputFound` event with the malicious keys and full request.
+You may configure the middleware to dispatch an event whenever malicious input has been found. Setting the `middleware.dispatch_event_on_malicious_input` to `true` will dispatch an `ProtoneMedia\LaravelXssProtection\Events\MaliciousInputFound` event with the sanitized keys, the original request and the sanitized request.
+
+```php
+use Illuminate\Support\Facades\Event;
+use ProtoneMedia\LaravelXssProtection\Events\MaliciousInputFound;
+
+Event::listen(function (MaliciousInputFound $event) {
+    $event->sanitizedKeys;
+    $event->originalRequest;
+    $event->sanitizedRequest;
+});
+```
 
 ## Changelog
 

diff --git a/src/Events/MaliciousInputFound.php b/src/Events/MaliciousInputFound.php
@@ -6,7 +6,11 @@
 
 class MaliciousInputFound
 {
-    public function __construct(public array $keys, public Request $request)
+    public function __construct(
+        public array $sanitizedKeys,
+        public Request $originalRequest,
+        public Request $sanitizedRequest
+    )
     {
     }
 }
diff --git a/src/Middleware/XssCleanInput.php b/src/Middleware/XssCleanInput.php
@@ -79,14 +79,16 @@ public function handle($request, Closure $next)
             }
         }
 
+        $originalRequest = clone $request;
+
         $this->clean($request);
 
         if (count($this->sanitizedKeys) === 0) {
             return $next($request);
         }
 
         if ($this->enabledInConfig('dispatch_event_on_malicious_input')) {
-            event(new MaliciousInputFound($this->sanitizedKeys, $request));
+            event(new MaliciousInputFound($this->sanitizedKeys, $originalRequest, $request));
         }
 
         if ($this->enabledInConfig('terminate_request_on_malicious_input')) {

diff --git a/tests/MiddlewareTest.php b/tests/MiddlewareTest.php
@@ -35,7 +35,9 @@
     $middleware->handle($request, fn ($request) => $request);
 
     Event::assertDispatched(function (MaliciousInputFound $event) use ($request) {
-        return $event->request === $request && $event->keys === ['key'];
+        return $event->sanitizedRequest === $request
+            && $event->originalRequest->input('key') === 'test<script>script</script>'
+            && $event->sanitizedKeys === ['key'];
     });
 });