shieldon/web-security

XSS protection for PHP.

1.0.0 2020-07-22 08:06 UTC

This package is auto-updated.

Last update: 2024-10-22 17:29:05 UTC


README

Build Status codecov License: MIT

This package is a part of Shieldon Firewall 2.

Installation

Use PHP Composer:

composer require shieldon/web-security

Or, download it and include the Shieldon autoloader.

require 'autoload.php';

Usage

Clean single variable

$xss = new \Shieldon\Security\Xss();

$_POST['username'] = 'javascript:/*--></title></style></textarea></script></xmp><svg/onload=\'+/"/+/onmouseover=1/+/[*/[]/+alert(1)//\'>';

$username = $xss->clean($_POST['username']);

echo $username;

result

[removed]/*--&gt;&lt;/title&gt;&lt;/style&gt;&lt;/textarea&gt;[removed]</xmp>&lt;svg/[removed]&gt;

Clean a superglobal

$xss = new \Shieldon\Security\Xss();

$_GET = $xss->clean($_GET);

Author

License

MIT