[TYPO3-mvc] Is Extbase handling XSS automatically
Matthias Krappitz
matthias at nospam.aemka.de
Fri Oct 12 16:52:01 CEST 2012
Hi,
We are making heavy use of the Extbase & Fluid form handling for creating /
updating records. (e.g. <f:form .... object="{object}" ... > ... </f:form>)
As our records contain loads of texts, I would want to secure all these
texts againts XSS / SQL injections or other potentially malicious contents
before this goes into the database. Is extbase already doing all / most of
this automatically when I use $someRepository->add($someObject) or
$someRepository->update($someObject)? Or do I need to do XSS prevention
myself? If yes can I do that by extbase configuration or just by
manipulating the object to be added or updated in the repository beforehand
in the php code?
Best Wishes
Matthias Krappitz
w. www.aemka.de
More information about the TYPO3-project-typo3v4mvc
mailing list