
How are GET/POST requests sanitized in Yii2?

I'm using Yii2's gii to generate CRUD operations. I would like to know whether it is safe to accept user input through these auto-generated forms, or whether I still need to write code to sanitize the inputs.

I've tried using tags in the input boxes; the '<' character is changed to '%3F'.

My question

What security/sanitization measures are built in, and what others are required, so that I don't keep repeating unnecessary operations which are already being done inside the framework?

You can check whether the framework library CHtmlPurifier will offer what you need:

CHtmlPurifier removes all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist. It will also make sure the resulting code is standards-compliant.

Yii uses this widget to purify posted data.
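As an added illustration (not code from the question or the answer above), the following shows where each built-in measure actually sits in the Yii2 code that gii generates: `rules()` doubles as the mass-assignment whitelist, `ActiveRecord` binds values as query parameters, `yii\web\Controller` validates a CSRF token on every POST by default, and the generated views pass text through `Html::encode()`. Input purification is the one step you add yourself; in Yii 2 the helper for that is `yii\helpers\HtmlPurifier`, the counterpart of the CHtmlPurifier mentioned in the answer. The `Post` model, its `title`/`body` attributes and `PostController` are hypothetical names, and the three files are concatenated into one listing with comment separators.

```php
<?php
// Added example: three files in the shape gii generates, each annotated with the
// sanitization the framework already performs there. Post, title, body and
// PostController are hypothetical names; file boundaries are marked in comments.

// ---- file: models/Post.php ----
namespace app\models;

use yii\db\ActiveRecord;
use yii\helpers\HtmlPurifier;

class Post extends ActiveRecord
{
    public static function tableName()
    {
        return '{{%post}}';
    }

    /**
     * rules() is also the mass-assignment whitelist: load() copies only the
     * attributes that appear in an active rule, so an extra POST field such
     * as Post[author_id]=1 is dropped instead of being written to the row.
     */
    public function rules()
    {
        return [
            [['title', 'body'], 'required'],
            ['title', 'string', 'max' => 255],
            ['title', 'filter', 'filter' => 'trim'],
            // body is rendered as HTML later, so reduce it to HTML Purifier's
            // whitelist at input time. This is the one step gii does not add.
            ['body', 'filter', 'filter' => function ($value) {
                return HtmlPurifier::process($value);
            }],
        ];
    }
}

// ---- file: controllers/PostController.php ----
namespace app\controllers;

use Yii;
use yii\web\Controller;
use app\models\Post;

class PostController extends Controller
{
    // Already the default in yii\web\Controller; shown explicitly. A POST
    // without the _csrf token that ActiveForm embeds is rejected with 400.
    public $enableCsrfValidation = true;

    public function actionCreate()
    {
        $model = new Post();
        // load() applies the rules() whitelist; save() runs validate() (and the
        // filters above) and then issues a parameterised INSERT, so the values
        // never reach SQL as interpolated strings.
        if ($model->load(Yii::$app->request->post()) && $model->save()) {
            return $this->redirect(['view', 'id' => $model->id]);
        }
        return $this->render('create', ['model' => $model]);
    }

    public function actionIndex()
    {
        $q = Yii::$app->request->get('q', '');
        // Hash- and operator-format conditions bind $q as a parameter and the
        // 'like' operator escapes % and _ in it. Only a hand-built string such
        // as where("title LIKE '%$q%'") would reintroduce SQL injection.
        $posts = Post::find()->where(['like', 'title', $q])->all();
        return $this->render('index', ['posts' => $posts]);
    }
}

// ---- file: views/post/view.php (a real view file has no namespace line) ----
use yii\helpers\Html;
use yii\helpers\HtmlPurifier;
/* @var $model app\models\Post */
?>
<!-- Output encoding is the XSS defence gii gives you: DetailView, GridView and
     ActiveForm inputs all run plain text through Html::encode(). -->
<h1><?= Html::encode($model->title) ?></h1>
<!-- Rich text is echoed unescaped, so purify again on output: rows may have
     arrived through paths other than this form (console imports, old data). -->
<div><?= HtmlPurifier::process($model->body) ?></div>
```

The practical split is therefore: the framework handles SQL injection (parameter binding), CSRF (token check) and reflected/stored XSS in the generated views (`Html::encode`), while you remain responsible for declaring every accepted attribute in `rules()` and for purifying any field you later render as raw HTML.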
