<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Mathias Onea</title>
    <description>The latest articles on DEV Community by Mathias Onea (@mathiasonea).</description>
    <link>https://dev.to/mathiasonea</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3980524%2F4e8fec03-6284-4d54-8b1e-995a7843589e.JPG</url>
      <title>DEV Community: Mathias Onea</title>
      <link>https://dev.to/mathiasonea</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/mathiasonea"/>
    <language>en</language>
    <item>
      <title>Sanitizing Image Uploads in Laravel: Stopping PHP Payload Injection via Image Files</title>
      <dc:creator>Mathias Onea</dc:creator>
      <pubDate>Thu, 02 Jul 2026 08:06:23 +0000</pubDate>
      <link>https://dev.to/mathiasonea/sanitizing-image-uploads-in-laravel-stopping-php-payload-injection-via-image-files-1hij</link>
      <guid>https://dev.to/mathiasonea/sanitizing-image-uploads-in-laravel-stopping-php-payload-injection-via-image-files-1hij</guid>
      <description>&lt;h2&gt;
  
  
  TL;DR
&lt;/h2&gt;

&lt;p&gt;Image uploads aren't just images. A JPEG can carry a PHP web shell in its EXIF comment and still pass MIME checks, extension checks, and even &lt;code&gt;getimagesize()&lt;/code&gt;. If that file ever lands somewhere executable - a misconfigured &lt;code&gt;public/uploads&lt;/code&gt;, a &lt;code&gt;.htaccess&lt;/code&gt; override, a chained LFI - you've got remote code execution.&lt;/p&gt;

&lt;p&gt;&lt;code&gt;laravel-at/laravel-image-sanitize&lt;/code&gt; is a small middleware that scans uploaded images for payload markers (&lt;code&gt;&amp;lt;?php&lt;/code&gt;, &lt;code&gt;phar&lt;/code&gt;) and re-encodes anything suspicious through Intervention Image, stripping the payload before your controller ever sees the file.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;composer require laravel-at/laravel-image-sanitize
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;It's defense-in-depth, not a replacement for validation. Here's why you need it anyway, and how it works.&lt;/p&gt;

&lt;h2&gt;
  
  
  The problem: images that aren't just images
&lt;/h2&gt;

&lt;p&gt;A valid image file is just bytes with a known header. Nothing stops you from appending arbitrary text after that header. The image still renders fine in a browser - image decoders ignore trailing garbage.&lt;/p&gt;

&lt;p&gt;This is the classic "GIFAR" / polyglot trick, still alive in 2026:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;exiftool &lt;span class="nt"&gt;-Comment&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s1"&gt;'&amp;lt;?php system($_GET["c"]); ?&amp;gt;'&lt;/span&gt; shell.jpg
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That file:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Has a real JPEG header. &lt;code&gt;file shell.jpg&lt;/code&gt; says &lt;code&gt;JPEG image data&lt;/code&gt;.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Passes &lt;code&gt;getimagesize()&lt;/code&gt;. PHP reads the header, never the comment.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Passes &lt;code&gt;$request-&amp;gt;file('avatar')-&amp;gt;isValid()&lt;/code&gt; and &lt;code&gt;'image'&lt;/code&gt; validation rules.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Renders normally in &lt;code&gt;&amp;lt;img&amp;gt;&lt;/code&gt; tags.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Contains a working PHP payload in its EXIF data.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If an attacker can get this file written with a &lt;code&gt;.php&lt;/code&gt; extension somewhere reachable - via a separate path traversal bug, a misconfigured rename, or a server that executes &lt;code&gt;.jpg.php&lt;/code&gt; - they get code execution. Plenty of real-world breaches chain exactly this: an "unrelated" upload bug plus a permissive storage path.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why MIME and extension checks aren't enough
&lt;/h2&gt;

&lt;p&gt;Laravel's standard validation:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight php"&gt;&lt;code&gt;&lt;span class="nv"&gt;$request&lt;/span&gt;&lt;span class="o"&gt;-&amp;gt;&lt;/span&gt;&lt;span class="nf"&gt;validate&lt;/span&gt;&lt;span class="p"&gt;([&lt;/span&gt;
    &lt;span class="s1"&gt;'avatar'&lt;/span&gt; &lt;span class="o"&gt;=&amp;gt;&lt;/span&gt; &lt;span class="s1"&gt;'required|image|mimes:jpg,png,gif|max:2048'&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;span class="p"&gt;]);&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This checks the &lt;strong&gt;container&lt;/strong&gt;, not the &lt;strong&gt;contents&lt;/strong&gt;. &lt;code&gt;mimes:&lt;/code&gt; looks at the file extension and a magic-byte sniff. &lt;code&gt;image&lt;/code&gt; confirms it decodes as an image. None of that inspects what else is sitting inside the file alongside valid image data.&lt;/p&gt;

&lt;p&gt;MIME sniffing answers "is this technically an image?" It doesn't answer "is this image free of embedded code?" Those are different questions, and most upload pipelines only ask the first one.&lt;/p&gt;

&lt;h2&gt;
  
  
  The fix: detect and re-encode
&lt;/h2&gt;

&lt;p&gt;&lt;code&gt;laravel-image-sanitize&lt;/code&gt; adds a layer that asks the second question. The flow is four steps:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Filter by MIME type.&lt;/strong&gt; The middleware only inspects files matching your allow-list (JPEG, PNG, GIF, BMP, WebP by default).&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Scan for payload markers.&lt;/strong&gt; File contents are checked against configured patterns - &lt;code&gt;&amp;lt;?php&lt;/code&gt; and &lt;code&gt;phar&lt;/code&gt; out of the box.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Re-encode on match.&lt;/strong&gt; If a marker is found, the image is decoded and re-encoded from scratch through Intervention Image. Decoding only reads pixel data; anything appended outside the actual image stream gets dropped on re-encode.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Replace before the controller runs.&lt;/strong&gt; The rewritten bytes replace the original upload content. Your controller, your validation rules, your storage logic - none of it changes.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The key insight: a genuine image decoder never reads the EXIF comment as executable. Re-encoding rebuilds the file from pixel data only, so anything appended after the image stream - your PHP payload - never makes it into the output file.&lt;/p&gt;

&lt;h2&gt;
  
  
  Middleware usage
&lt;/h2&gt;

&lt;p&gt;Attach it directly to upload routes:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight php"&gt;&lt;code&gt;&lt;span class="kn"&gt;use&lt;/span&gt; &lt;span class="nc"&gt;App\Http\Controllers\FileController&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="kn"&gt;use&lt;/span&gt; &lt;span class="nc"&gt;LaravelAt\ImageSanitize\ImageSanitizeMiddleware&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;

&lt;span class="nc"&gt;Route&lt;/span&gt;&lt;span class="o"&gt;::&lt;/span&gt;&lt;span class="nf"&gt;post&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s1"&gt;'/files'&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="nc"&gt;FileController&lt;/span&gt;&lt;span class="o"&gt;::&lt;/span&gt;&lt;span class="n"&gt;class&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s1"&gt;'upload'&lt;/span&gt;&lt;span class="p"&gt;])&lt;/span&gt;
    &lt;span class="o"&gt;-&amp;gt;&lt;/span&gt;&lt;span class="nf"&gt;name&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s1"&gt;'file.upload'&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="o"&gt;-&amp;gt;&lt;/span&gt;&lt;span class="nf"&gt;middleware&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nc"&gt;ImageSanitizeMiddleware&lt;/span&gt;&lt;span class="o"&gt;::&lt;/span&gt;&lt;span class="n"&gt;class&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Or register a readable alias in &lt;code&gt;bootstrap/app.php&lt;/code&gt; (Laravel 12/13):&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight php"&gt;&lt;code&gt;&lt;span class="kn"&gt;use&lt;/span&gt; &lt;span class="nc"&gt;Illuminate\Foundation\Configuration\Middleware&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="kn"&gt;use&lt;/span&gt; &lt;span class="nc"&gt;LaravelAt\ImageSanitize\ImageSanitizeMiddleware&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;

&lt;span class="o"&gt;-&amp;gt;&lt;/span&gt;&lt;span class="nf"&gt;withMiddleware&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="k"&gt;function&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="kt"&gt;Middleware&lt;/span&gt; &lt;span class="nv"&gt;$middleware&lt;/span&gt;&lt;span class="p"&gt;):&lt;/span&gt; &lt;span class="kt"&gt;void&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="nv"&gt;$middleware&lt;/span&gt;&lt;span class="o"&gt;-&amp;gt;&lt;/span&gt;&lt;span class="nf"&gt;alias&lt;/span&gt;&lt;span class="p"&gt;([&lt;/span&gt;
        &lt;span class="s1"&gt;'image-sanitize'&lt;/span&gt; &lt;span class="o"&gt;=&amp;gt;&lt;/span&gt; &lt;span class="nc"&gt;ImageSanitizeMiddleware&lt;/span&gt;&lt;span class="o"&gt;::&lt;/span&gt;&lt;span class="n"&gt;class&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="p"&gt;]);&lt;/span&gt;
&lt;span class="p"&gt;})&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;





&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight php"&gt;&lt;code&gt;&lt;span class="nc"&gt;Route&lt;/span&gt;&lt;span class="o"&gt;::&lt;/span&gt;&lt;span class="nf"&gt;post&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s1"&gt;'/files'&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="nc"&gt;FileController&lt;/span&gt;&lt;span class="o"&gt;::&lt;/span&gt;&lt;span class="n"&gt;class&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s1"&gt;'upload'&lt;/span&gt;&lt;span class="p"&gt;])&lt;/span&gt;
    &lt;span class="o"&gt;-&amp;gt;&lt;/span&gt;&lt;span class="nf"&gt;name&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s1"&gt;'file.upload'&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="o"&gt;-&amp;gt;&lt;/span&gt;&lt;span class="nf"&gt;middleware&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s1"&gt;'image-sanitize'&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Direct usage outside the middleware
&lt;/h2&gt;

&lt;p&gt;Handling raw image bytes in a job, an API client, or a CLI import? Call the sanitizer directly:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight php"&gt;&lt;code&gt;&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nc"&gt;ImageSanitize&lt;/span&gt;&lt;span class="o"&gt;::&lt;/span&gt;&lt;span class="nf"&gt;detect&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nv"&gt;$contents&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="nv"&gt;$contents&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;string&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="nc"&gt;ImageSanitize&lt;/span&gt;&lt;span class="o"&gt;::&lt;/span&gt;&lt;span class="nf"&gt;sanitize&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nv"&gt;$contents&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;code&gt;detect()&lt;/code&gt; runs the pattern scan; &lt;code&gt;sanitize()&lt;/code&gt; does the decode/re-encode pass. Useful for queued processing where the file never goes through an HTTP route.&lt;/p&gt;

&lt;h2&gt;
  
  
  Configuration
&lt;/h2&gt;

&lt;p&gt;Publish the config when you need to change defaults:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;php artisan vendor:publish &lt;span class="nt"&gt;--tag&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;image-sanitize-config
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Defaults:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight php"&gt;&lt;code&gt;return [
    'allowed_mime_types' =&amp;gt; [
        'image/jpeg',
        'image/png',
        'image/gif',
        'image/bmp',
        'image/webp',
    ],

    'patterns' =&amp;gt; [
        '&lt;span class="cp"&gt;&amp;lt;?php&lt;/span&gt;&lt;span class="s1"&gt;',
        '&lt;/span&gt;&lt;span class="n"&gt;phar&lt;/span&gt;&lt;span class="s1"&gt;',
    ],

    '&lt;/span&gt;&lt;span class="n"&gt;driver&lt;/span&gt;&lt;span class="s1"&gt;' =&amp;gt; \Intervention\Image\Drivers\Gd\Driver::class,
    '&lt;/span&gt;&lt;span class="n"&gt;quality&lt;/span&gt;&lt;span class="s1"&gt;' =&amp;gt; 100,
    '&lt;/span&gt;&lt;span class="n"&gt;auto_orientation&lt;/span&gt;&lt;span class="s1"&gt;' =&amp;gt; true,
    '&lt;/span&gt;&lt;span class="n"&gt;decode_animation&lt;/span&gt;&lt;span class="s1"&gt;' =&amp;gt; true,
    '&lt;/span&gt;&lt;span class="n"&gt;strip_metadata&lt;/span&gt;&lt;span class="err"&gt;'&lt;/span&gt; &lt;span class="o"&gt;=&amp;gt;&lt;/span&gt; &lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;span class="p"&gt;];&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;A few notes:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;code&gt;quality =&amp;gt; 100&lt;/code&gt; means JPEG re-encoding is near-lossless by default - bump it down if you also want smaller files.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;code&gt;strip_metadata =&amp;gt; true&lt;/code&gt; removes EXIF data on re-encode, which is also a privacy win (no leaked GPS coordinates from phone uploads).&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;code&gt;decode_animation =&amp;gt; true&lt;/code&gt; handles animated GIF/WebP correctly instead of flattening to one frame.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;SVG is &lt;strong&gt;not&lt;/strong&gt; in the allow-list. SVG can carry active content (&lt;code&gt;&amp;lt;script&amp;gt;&lt;/code&gt;, event handlers) and needs a different threat model than raster re-encoding solves. Don't add it without your own sanitization for that format.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  What this doesn't do
&lt;/h2&gt;

&lt;p&gt;Be clear-eyed about scope. This package:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Doesn't replace &lt;code&gt;mimes:&lt;/code&gt;/&lt;code&gt;image&lt;/code&gt; validation rules - keep them.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Doesn't do authorization, rate limiting, or virus scanning.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Doesn't make storing uploads inside a public, executable path safe. Keep uploaded files out of &lt;code&gt;public/&lt;/code&gt; execution paths regardless.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Doesn't cover SVG, PDF, or non-image uploads.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;It's one layer that closes a specific gap: code smuggled inside otherwise-valid image bytes. Stack it with proper storage isolation (uploads on non-executable disks, served via signed URLs or a controller, not direct web-root access) and you've meaningfully reduced the blast radius of a polyglot file slipping through.&lt;/p&gt;

&lt;p&gt;Requirements: Laravel &lt;code&gt;^12.0 | ^13.0&lt;/code&gt;, PHP &lt;code&gt;^8.3&lt;/code&gt;, MIT licensed.&lt;/p&gt;

&lt;h2&gt;
  
  
  FAQ
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Does this replace Laravel's&lt;/strong&gt; &lt;code&gt;image&lt;/code&gt; &lt;strong&gt;validation rule?&lt;/strong&gt; No. Run both. Validation confirms the file is a structurally valid image; the sanitizer checks for embedded payload markers and re-encodes when found. They cover different failure modes.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Will re-encoding degrade my images?&lt;/strong&gt; Quality defaults to 100, so JPEG loss is minimal. PNG/GIF/WebP re-encoding via GD is lossless for typical use. If you need smaller output, lower &lt;code&gt;quality&lt;/code&gt; in the config.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Why isn't SVG supported?&lt;/strong&gt; SVG is XML and can contain &lt;code&gt;&amp;lt;script&amp;gt;&lt;/code&gt; tags or event handlers that execute in some rendering contexts. Re-encoding a raster image doesn't translate to "sanitizing" markup - SVG needs its own sanitizer (e.g., stripping script/event-handler nodes), which is out of scope here.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Does this stop every upload-based attack?&lt;/strong&gt; No single package does. This closes the "PHP/PHAR embedded in image bytes" gap specifically. Combine it with storage isolation, strict MIME/extension validation, and not executing PHP from upload directories.&lt;/p&gt;

&lt;h2&gt;
  
  
  Join the discussion
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;What's the worst upload-based exploit you've seen chained with a storage misconfig?&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;code&gt;quality =&amp;gt; 100&lt;/code&gt; by default - smart, or should it optimize for file size out of the box? Disagree below.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Hit a case where you needed SVG sanitization? What blocked you from shipping it?&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Sources
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://github.com/laravel-at/laravel-image-sanitize" rel="noopener noreferrer"&gt;laravel-at/laravel-image-sanitize on GitHub&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;a href="https://packagist.org/packages/laravel-at/laravel-image-sanitize" rel="noopener noreferrer"&gt;laravel-at/laravel-image-sanitize on Packagist&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>laravel</category>
      <category>security</category>
      <category>php</category>
    </item>
  </channel>
</rss>
