Security
in package
Class Security
Table of Contents
Methods
- cleanDangerousTwig() : string
- detectXss() : string|null
  Determine if string potentially has an XSS attack. This simple function does not catch all XSS and it is likely to return false positives because it tags all potentially dangerous HTML tags and attributes without looking into their content.
- detectXssFromArray() : array<string|int, mixed>
  Detect XSS in an array of strings such as $_POST or $_GET
- detectXssFromPages() : array<string|int, mixed>
  Detect XSS code in Grav pages
- detectXssFromSvgFile() : string|null
- getXssDefaults() : array<string|int, mixed>
- sanitizeSVG() : void
  Sanitize SVG for XSS code
- sanitizeSvgString() : string
  Sanitize SVG string for XSS code
Methods
cleanDangerousTwig()
public static cleanDangerousTwig(string $string) : string
Parameters
- $string : string
Return values
string
detectXss()
Determine if string potentially has an XSS attack. This simple function does not catch all XSS and it is likely to return false positives because it tags all potentially dangerous HTML tags and attributes without looking into their content.
public static detectXss(string|null $string[, array<string|int, mixed>|null $options = null ]) : string|null
Parameters
- $string : string|null
  The string to run XSS detection logic on
- $options : array<string|int, mixed>|null = null
Return values
string|null — Type of XSS vector if the given $string may contain XSS, false otherwise.
Copies the code from: https://github.com/symphonycms/xssfilter/blob/master/extension.driver.php#L138
detectXssFromArray()
Detect XSS in an array of strings such as $_POST or $_GET
public static detectXssFromArray(array<string|int, mixed> $array[, string $prefix = '' ][, array<string|int, mixed>|null $options = null ]) : array<string|int, mixed>
Parameters
- $array : array<string|int, mixed>
  Array such as $_POST or $_GET
- $prefix : string = ''
  Prefix for returned values.
- $options : array<string|int, mixed>|null = null
  Extra options to be passed.
Return values
array<string|int, mixed> — Returns a flattened list of potentially dangerous input values, such as 'data.content'.
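The false-positive behaviour described for detectXss() and the flattened 'data.content' style keys described for detectXssFromArray(), as an added example that is not Grav's code. The rule set, the function names and the `path => rule` return shape are assumptions of this example, and the input is constructed.

```php
<?php
// Added example: simplified stand-in, not Grav's Security class; rules are assumptions.
const XSS_RULES = [
    'dangerous_tag' => '#<\s*/?\s*(script|iframe|object|embed|applet)\b#i',
    'on_event'      => '#<[^>]*\s+on[a-z]+\s*=#i',
    'script_uri'    => '#(href|src)\s*=\s*["\']?\s*javascript:#i',
];

/** Return the name of the first matching rule, or null when nothing matches. */
function detect_xss_demo(?string $value): ?string
{
    if ($value === null || $value === '') {
        return null;
    }
    foreach (XSS_RULES as $rule => $pattern) {
        if (preg_match($pattern, $value) === 1) {
            return $rule;
        }
    }
    return null;
}

/** Walk a nested array and return [dotted.key.path => rule] for every flagged value. */
function detect_xss_from_array_demo(array $input, string $prefix = ''): array
{
    $hits = [];
    foreach ($input as $key => $value) {
        $path = $prefix . $key;
        if (is_array($value)) {
            $hits += detect_xss_from_array_demo($value, $path . '.');
        } elseif (is_scalar($value) && ($rule = detect_xss_demo((string) $value)) !== null) {
            $hits[$path] = $rule;
        }
    }
    return $hits;
}

// Constructed sample input shaped like a form POST.
$post = [
    'task' => 'save',
    'data' => [
        'title'   => 'Release notes',
        'content' => 'Hello <img src=x onerror=alert(1)>',
        // Harmless tutorial text, still flagged: rules match the tag, not its content.
        'notes'   => 'Never paste <script> blocks from untrusted sources.',
    ],
];

print_r(detect_xss_from_array_demo($post, 'post.'));
```

Because a detector of this kind matches tags and attributes rather than what they do, treat its hits as input to review or rejection, and still escape output at render time.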
detectXssFromPages()
Detect XSS code in Grav pages
public static detectXssFromPages(Pages $pages[, bool $route = true ][, callable|null $status = null ]) : array<string|int, mixed>
Parameters
- $pages : Pages
- $route : bool = true
- $status : callable|null = null
Return values
array<string|int, mixed>
detectXssFromSvgFile()
public static detectXssFromSvgFile(string $filepath[, array<string|int, mixed>|null $options = null ]) : string|null
Parameters
- $filepath : string
- $options : array<string|int, mixed>|null = null
Return values
string|null
getXssDefaults()
public static getXssDefaults() : array<string|int, mixed>
Return values
array<string|int, mixed>
sanitizeSVG()
Sanitize SVG for XSS code
public static sanitizeSVG(string $file) : void
Parameters
- $file : string
sanitizeSvgString()
Sanitize SVG string for XSS code
public static sanitizeSvgString(string $svg) : string
Parameters
- $svg : string