Reputation: 99
I want to protect my CakePHP 2.6 website from XSS hacking. I came to know about App::uses('Sanitize', 'Utility'); Sanitize::clean();
I don't want to write this function in all my controllers, since I have a lot of controllers. Can anyone tell me the way to sanitize the data from appcontroller.php, or any single point where I can write the sanitize code?
I am sure there must be a place to validate all the fields against XSS.
Please guide me.
Upvotes: 0
Views: 74
Reputation: 1318
Forcing HTML encoding in the controller is not a proper mitigation approach. In fact, performing HTML encoding on every single input can cause other troubles!
For example, let's say a user's first name is O'neal. Automated mitigation libraries will change that single quote, which means you are going to save a non-valid name to the database.
The solution is output encoding, which is related to the framework's template engine. Most modern engines force encoding of dangerous characters such as < or &, etc.
Upvotes: 1
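The following is an added example, not code from the question or the answer above, contrasting the two approaches the answer describes: encoding every input as it arrives in the controller versus storing the raw value and encoding it where it is rendered into HTML. It is plain PHP so it runs without a CakePHP install; the `sanitise_on_input()` and `encode_for_html()` function names and the sample inputs are constructed for illustration. CakePHP 2.x's `h()` view helper wraps `htmlspecialchars()` in the same way `encode_for_html()` does here.

```php
<?php
// Added example (not from the original question or answer).
// Constructed sample inputs: a legitimate name containing an apostrophe,
// a reflected-XSS payload, and a value with a bare ampersand.
$inputs = [
    "O'neal",
    '<script>alert(document.cookie)</script>',
    'Tom & Jerry',
];

// Approach 1 (what the question asks for): encode everything on the way in.
// The apostrophe becomes &#039; before it reaches the database, so the stored
// "name" is no longer the user's real name, and non-HTML consumers (CSV export,
// e-mail subject, JSON API) receive the mangled value.
function sanitise_on_input(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Approach 2 (what the answer recommends): keep the raw value and encode only
// at the point where it is written into an HTML context. In a CakePHP 2 view
// this is what <?php echo h($user['User']['firstname']); ?> does.
function encode_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Simulated storage: arrays standing in for the database column.
$stored_raw       = [];
$stored_sanitised = [];
foreach ($inputs as $value) {
    $stored_raw[]       = $value;
    $stored_sanitised[] = sanitise_on_input($value);
}

foreach ($stored_raw as $i => $raw) {
    printf("raw in DB:         %s\n", $raw);
    printf("sanitised in DB:   %s\n", $stored_sanitised[$i]);
    // Raw value, encoded once at render time: safe and faithful.
    printf("rendered (raw):    %s\n", encode_for_html($raw));
    // Pre-sanitised value passed through the same template encoder: the
    // "other troubles" the answer mentions, i.e. double encoding
    // (O&amp;#039;neal instead of O&#039;neal).
    printf("rendered (double): %s\n\n", encode_for_html($stored_sanitised[$i]));
}

// Attribute context: ENT_QUOTES is what makes the encoded value safe inside a
// quoted attribute as well as in element text. Quoting the attribute is still
// required; encoding alone does not help with an unquoted attribute.
printf('<input type="text" name="firstname" value="%s">' . "\n",
    encode_for_html($stored_raw[0]));
```

Run it with `php example.php`. The "rendered (raw)" lines show the script payload neutralised and O'neal displayed correctly, while the "rendered (double)" lines show why encoding on input and again on output corrupts legitimate data. Note that `htmlspecialchars()` only covers HTML element and quoted-attribute contexts; a value placed inside a `<script>` block, a URL, or CSS needs an encoder for that context.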