XSS attacks and similar security issues
leonardoWine opened this issue · 1 comments
Hello,
I'm curious to have more information about how ToroPHP can block some XSS attacks and URL injections. Do the routes simply act as a whitelist?
(Sorry for posting here. I didn't find information about it. Since the "Design goals" does not say anything about it I decided to ask.)
Thanks in advance.
Hi @leonardoWine. Toro simply acts as a router, so you will need to handle any security concerns in your application.
If you have a route that accepts a parameter and someone passes something you may not be expecting in the URL, then you’ll need to sanitize that parameter before using it.
Of course, using tokens such as `:alpha` in your routes will mitigate some of the security risk as the parameter will be validated with `preg_match()` before reaching your handler.
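
The distinction drawn in the reply above, as an added example that is not part of the original thread and is not Toro's own code: a token-validated route rejects unexpected input before the handler runs, while a permissive route passes it through and only output encoding in the handler keeps it inert. The `ALPHA_TOKEN` pattern, the `match_route()` and `render_greeting()` helpers and the sample paths are assumptions made for illustration.

```php
<?php
// Added example, not Toro's own code. ALPHA_TOKEN is an assumed pattern
// standing in for whatever regex the router substitutes for :alpha.
const ALPHA_TOKEN = '([a-zA-Z0-9_-]+)';

// Hypothetical helper: expand the token, anchor the pattern and match the
// request path; returns the captured parameters, or null when nothing matches.
function match_route(string $route, string $path): ?array
{
    $pattern = strtr($route, [':alpha' => ALPHA_TOKEN]);
    if (preg_match('#^/?' . $pattern . '/?$#', $path, $m) === 1) {
        return array_slice($m, 1);
    }
    return null;
}

// Handler-side defence: encode for the HTML context whatever the route allowed.
function render_greeting(string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Hello, {$safe}</p>";
}

// Constructed sample request paths (already URL-decoded).
$paths = [
    '/hello/alice_01',
    '/hello/<script>alert(1)</script>',
    '/hello/Tom & "Jerry"',
];

// First route validates with the token; second is a permissive raw regex.
foreach (['/hello/:alpha', '/hello/(.+)'] as $route) {
    echo "Route {$route}\n";
    foreach ($paths as $path) {
        $params = match_route($route, $path);
        $result = $params === null
            ? '404 (rejected before the handler)'
            : render_greeting($params[0]);
        echo "  {$path} => {$result}\n";
    }
}
```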