How are get/post requests sanitized in Yii2?
I'm using Yii2's Gii to generate CRUD operations. Would like to know if it is safe to accept user input through these auto-generated forms or should I still need to write code to sanitize the inputs.
I've tried using tags in the input boxes, the '<' character is changed to '%3F'.
My question
What security/sanitization measures are built-in and what others are required, so that I don't keep repeating unnecessary operations which are already being done inside the framework?
You can check whether framework library CHtmlPurifier will offer what you need:
CHtmlPurifier removes all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist. It will also make sure the resulting code is standard-compliant.
Yii uses this widget to purify posted data.
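An added example, not part of the original question or answer, showing where purification and output encoding are written explicitly in a Yii2 model. It assumes a Yii2 application and uses yii\helpers\HtmlPurifier, the Yii2 counterpart of the CHtmlPurifier class named above; the Comment model, its table and its attribute names are hypothetical.

```php
<?php
// Added example. Assumes it lives in a Yii2 application (models/Comment.php).
// The model name, table name and attributes are hypothetical.
namespace app\models;

use yii\db\ActiveRecord;
use yii\helpers\Html;
use yii\helpers\HtmlPurifier;

class Comment extends ActiveRecord
{
    public static function tableName()
    {
        return 'comment';
    }

    public function rules()
    {
        return [
            [['title', 'body'], 'required'],
            [['title'], 'string', 'max' => 255],
            [['body'], 'string'],
            // The validators above check presence, type and length only;
            // they do not strip markup. This filter runs during validate()
            // and purifies the rich-text attribute before it is saved.
            [['body'], 'filter', 'filter' => function ($value) {
                return HtmlPurifier::process((string) $value);
            }],
        ];
    }

    // Plain-text attribute: store as submitted, HTML-encode at output.
    // In a view: <?= $model->titleHtml ?>
    public function getTitleHtml()
    {
        return Html::encode($this->title);
    }

    // Rich-text attribute: purify again at output, in case a row was
    // written before the filter existed or by another code path.
    public function getBodyHtml()
    {
        return HtmlPurifier::process((string) $this->body);
    }
}
```

In Gii-generated index and view pages, GridView and DetailView columns default to the 'text' format, which HTML-encodes the value; attributes echoed by hand in a custom view still need Html::encode() or HtmlPurifier::process().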