
How are GET/POST requests sanitized in Yii2?

I'm using Yii2's Gii to generate CRUD operations. I would like to know whether it is safe to accept user input through these auto-generated forms, or whether I still need to write code to sanitize the inputs.

I've tried using tags in the input boxes; the '<' character is changed to '%3F'.

My question

What security/sanitization measures are built in, and what others are required, so that I don't keep repeating unnecessary operations which are already being done inside the framework?

You can check whether the framework library CHtmlPurifier will offer what you need:

CHtmlPurifier removes all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist. It will also make sure the resulting code is standard-compliant.

Yii uses this widget to purify posted data.
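In Yii 2 the corresponding helper is `yii\helpers\HtmlPurifier`. The following is an added example, not part of the original answer, showing where it and `yii\helpers\Html::encode()` are called explicitly. It assumes it runs inside a Yii 2 application; the model name `CommentForm` and its attributes are hypothetical.

```php
<?php
// Added example: hypothetical form model for a Yii 2 application.
namespace app\models;

use yii\base\Model;
use yii\helpers\Html;
use yii\helpers\HtmlPurifier;

class CommentForm extends Model // hypothetical model name
{
    public $title; // plain text, no markup expected
    public $body;  // rich text, a small set of HTML tags allowed

    public function rules()
    {
        return [
            [['title', 'body'], 'required'],
            ['title', 'string', 'max' => 200],
            // Purify on input: scripts, event handlers and tags outside
            // the allow-list are removed before the value is stored.
            ['body', 'filter', 'filter' => function ($value) {
                return HtmlPurifier::process((string) $value, [
                    'HTML.Allowed' => 'p,b,i,a[href],ul,ol,li',
                ]);
            }],
        ];
    }

    // Build the HTML fragment for a view.
    public function renderHtml()
    {
        // Plain-text field: encode on output so '<' becomes '&lt;'.
        $title = Html::encode($this->title);
        // Rich-text field: purify again on output in case stored data
        // predates the filter rule above.
        $body = HtmlPurifier::process((string) $this->body);

        return "<h2>{$title}</h2>\n<div>{$body}</div>";
    }
}

// In a controller action (assumed usage):
//   $model = new CommentForm();
//   if ($model->load(Yii::$app->request->post()) && $model->validate()) {
//       echo $model->renderHtml();
//   }
```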
