business-decision/query-security-bundle

Symfony QuerySecurityBundle

Maintainers

Details

gitlab.com/betd/public/php/querysecuritybundle

Homepage

Source

Installs: 6 149

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Forks: 1

Type:symfony-bundle

1.0 2023-12-04 10:46 UTC

Requires

Requires (Dev)

MIT e9efd26b325d6457189238dbb1b68e3e23b626c5

  • Alexande Magnier <alexandre.magnier.woop@businessdecision.com>
  • Sébastien Thibault <sebastien.thibault.woop@businessdecision.com>
  • Business&Decision

securityxss

This package is not auto-updated.

Last update: 2024-11-20 10:34:59 UTC

README

WIP : Bundle

Instalation

Composer require

Configuration

File path : config/packages/query_security.yaml

parameters:
  # All Fields protection
  render_response_on_exception: true # render response instead of Exception (exception in kernel.request event are not catched)
  html_escaped: true # all field are passed to strip_tags function
  denied: ['<script>','javascript', 'http', '//']  # banned word in field value
  escaped: ['redirect']  ## word removed from value

  # per query parameters configuration
  parameters:
     fieldname:
        denied: ['<script>','javascript', 'http', '//']
        
        #Can be a static method or a function set in bootstrap.php
        validator: ['callbackFunctionName']

        #can access submit field if field is array
        subfield:
            html_escaped: false

## Todo

[ ] Better Configuration