willdurand/jsonp-callback-validator
Validate JSONP callback names to prevent XSS. JsonpCallbackValidator checks whether a callback like JSONP.callback is safe and rejects malicious function payloads. Use via instance or static validate(), installable via Composer.
Adopt if:
Look elsewhere if:
Executives: "This package adds a 5-minute security upgrade to our JSONP endpoints, blocking XSS attacks with zero performance cost. It’s a drop-in fix for legacy integrations—like adding a deadbolt to a door we already knew was vulnerable. MIT-licensed, no dependencies, and used by 650+ projects. Let’s bake this into our next security patch."
Engineering:
"For Laravel/PHP APIs serving JSONP, this replaces ad-hoc regex checks with a maintained, tested validator. Two lines of code ($validator->validate($callback)) replace manual sanitization. Works with PHP 8.x, has unit tests, and plays well with Laravel’s middleware. Tradeoff: minimal maintenance (last update 2022) for zero false positives in callback validation."
How can I help you explore Laravel packages today?