Protection from SQL-injections and XSS-attacks
The main part of our app generates HTML markup, so we have to allow HTML input on certain routes. We turn XSS filtering on globally and disable it for routes that require HTML input. On routes where we accept HTML, we use HTMLPurifier.