[TYPO3-mvc] Is Extbase handling XSS automatically

Stefano Cecere scecere at krur.com
Sat Oct 13 06:18:56 CEST 2012


Hi Matthias,
as far as I tested them in my extensions, Extbase already does XSS 
filtering, and SQL injection filtering as well.

Give a read to 
http://forge.typo3.org/projects/typo3v4-mvc/wiki/Extbase__FLOW3_Security_Cookbook



On 12/10/12 16:52, Matthias Krappitz wrote:
> Hi,
>
> We are making heavy use of the Extbase & Fluid form handling for
> creating / updating records. (e.g. <f:form .... object="{object}" ... >
> ... </f:form>) As our records contain loads of texts, I would want to
> secure all these texts against XSS / SQL injections or other potentially
> malicious contents before this goes into the database. Is extbase
> already doing all / most of this automatically when I use
> $someRepository->add($someObject) or
> $someRepository->update($someObject)? Or do I need to do XSS prevention
> myself? If yes can I do that by extbase configuration or just by
> manipulating the object to be added or updated in the repository
> beforehand in the php code?
>
> Best Wishes
>
> Matthias Krappitz
> w. www.aemka.de


-- 

-- --- ----- -------

Stefano Cecere
KRUR studio - http://krur.com

