Framework: Input Filtering
6 posts
I am trying out this wonderful minimalistic framework. However, I am worried that it doesn't have built-in input filtering. Maybe I have missed it. If input filtering is deliberately left out of the framework, I hope you could advise me or recommend what kind of approach I should take for security concerns with input data. Thanks.
6 posts
Just a side note... maybe input filtering/sanitization is handled by the PDO driver's quote function, which is called through the Escape function in the Record class. But is it secure enough to take care of XSS?
541 posts
No, of course not, it is not enough, but it is better than nothing too! E.g., if I need an integer I will cast it to integer. I haven't needed to use a big input filter yet; maybe you have a nice example of a situation where you need it?
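The two points raised above (PDO quoting via the Record class's Escape covers SQL but not XSS; casting to integer for numeric input) map onto three separate controls. The following is an added example, not Frog's own code or the framework's Record class; it assumes a constructed comment table and a constructed comment body to show that a SQL-quoted string still carries its script tag, while output encoding neutralises it:

```php
<?php
declare(strict_types=1);

// 1. Type validation for values that must be integers. filter_var rejects
//    input like "12abc", which a bare (int) cast would silently turn into 12.
function commentTargetId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// 2. SQL: a parameterised statement replaces string escaping entirely,
//    so no quote()/Escape() call is needed for the text columns.
function storeComment(PDO $db, int $pageId, string $author, string $body): void
{
    $stmt = $db->prepare(
        'INSERT INTO comment (page_id, author_name, body) VALUES (:page_id, :author, :body)'
    );
    $stmt->execute([':page_id' => $pageId, ':author' => $author, ':body' => $body]);
}

// 3. XSS: encoding is applied on output, for the HTML text context the value
//    lands in. PDO::quote only makes a string safe as a SQL literal.
function htmlText(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed in-memory database standing in for the comment table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comment (id INTEGER PRIMARY KEY, page_id INTEGER, author_name TEXT, body TEXT)');

// Constructed form submission: an apostrophe in the name and markup in the body.
$raw = ['page_id' => '7', 'author' => "O'Brien", 'body' => '<b>hi</b> <script>alert(1)</script>'];

$pageId = commentTargetId($raw['page_id']);
if ($pageId === null) {
    exit('invalid page id');
}
storeComment($db, $pageId, $raw['author'], $raw['body']);

// The body is stored unmodified; compare SQL quoting with HTML encoding on the way out.
$row = $db->query('SELECT author_name, body FROM comment')->fetch(PDO::FETCH_ASSOC);
echo 'SQL literal via PDO::quote: ', $db->quote($row['body']), PHP_EOL;
echo 'HTML text via htmlspecialchars: ', htmlText($row['body']), PHP_EOL;
echo '<p>', htmlText($row['author_name']), ': ', htmlText($row['body']), '</p>', PHP_EOL;
```

Running it with the sqlite PDO driver available shows the quoted SQL literal still containing the raw tags, whereas the encoded form renders them as visible text in the page.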
6 posts
Yep, the simple way you said would be great too. I was thinking too much and got scared when filtering is not a given feature in the framework... also filtering is not that necessary for Frog... there is only one frontend form submit, through comment submission. I was thinking of doing some sanitization inside the framework's Record class. Other can get... it is really small and sweet...
6 posts
A sanitization class from CakePHP: http://api.cakephp.org/sanitize_8php-source.html
541 posts
How small and sweet is this function? This is a quite nice, lazy and heavy way to do it!! Just take the HTML sanitization: why does he use preg_replace... he only replaces static characters... this is a really bad use of regex, because everyone knows how heavy regexes are!!! I'm not a big fan of those big frameworks, sorry ;)