I'm using Yii2's gii to generate CRUD operations. I would like to know whether it is safe to accept user input through these auto-generated forms, or whether I still need to write code to sanitize the inputs.
I've tried using tags in the input boxes; the '<' character is changed to '%3F'.
My question:
What security/sanitization measures are built in, and which others are required, so that I don't keep repeating unnecessary operations that are already being done inside the framework?
You can check whether the framework library CHtmlPurifier offers what you need:
CHtmlPurifier removes all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist. It will also make sure the resulting code is standard-compliant.
Yii uses this widget to purify posted data.
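As an added illustration (not the answer's code and not gii output), here is how the built-in layers a gii-generated form relies on line up with explicit purification in a Yii2 model; the Yii2 counterpart of the purifier helper named above is `yii\helpers\HtmlPurifier`. It assumes a `post` table with `title` and `body` columns and the `ezyang/htmlpurifier` package installed.

```php
<?php
// Added example, not from the question or the answer: a Yii2 ActiveRecord
// model shaped like gii generates it, with comments marking what the
// framework already does and where explicit sanitization is still needed.
// Assumed schema: table `post` with columns `title` and `body`.

namespace app\models;

use yii\db\ActiveRecord;
use yii\helpers\HtmlPurifier;

class Post extends ActiveRecord
{
    public static function tableName()
    {
        return '{{%post}}';
    }

    public function rules()
    {
        return [
            // Built in, layer 1: mass-assignment protection. The gii controller
            // calls $model->load(Yii::$app->request->post()); load() assigns
            // only attributes that appear in some rule here, so extra POST
            // fields (e.g. an `is_admin` column) are silently dropped.
            [['title', 'body'], 'required'],
            ['title', 'string', 'max' => 255],

            // Built in, layer 2: validation rejects values that violate the
            // rules, and ActiveRecord binds the saved values as query
            // parameters, so SQL injection is covered for these attributes.

            // Not built in: HTML in a field that is later echoed raw. The
            // filter validator runs HtmlPurifier on the value before the
            // other rules, keeping only whitelisted markup.
            ['body', 'filter', 'filter' => function ($value) {
                return HtmlPurifier::process($value);
            }],
        ];
    }
}

// Output side (belongs in views/post/view.php, shown here for context):
// gii views render plain attributes through yii\helpers\Html::encode(), so a
// stored '<' reaches the browser as '&lt;'. Only the purified `body` should
// ever be echoed without encoding:
//     echo Html::encode($model->title);
//     echo $model->body;
```

Storing raw input and encoding on output is the default gii behaviour; purifying on input is only worth adding for fields where you deliberately accept HTML.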