Issue
Yii2 has support for XSS (cross-site scripting) validation of displayed data using the helper class \yii\helpers\HtmlPurifier; however, this only validates and cleans up output, with code like this:

    echo HtmlPurifier::process($html);

How can input be validated for XSS so that this data is not stored in the database itself?
Solution
This can be done using the filter validator (FilterValidator), passing process as a named callable for the validation, like this:

    use yii\db\ActiveRecord;

    class MytableModel extends ActiveRecord
    {
        // ...

        public function rules()
        {
            // Purify field1 and field2 during validation, before the record is saved.
            $rules = [
                [['field1', 'field2'], 'filter', 'filter' => '\yii\helpers\HtmlPurifier::process'],
            ];
            return array_merge(parent::rules(), $rules);
        }

        // ...
    }

where field1, field2, etc. are the input fields to be validated. The same applies to form model validation as well.
Answered By - Manquer
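A form-model variant of the rule above, as an added example that is not part of the original answer. It shows why rule order matters: a type check runs first so array input never reaches the purifier, and `required` runs last so a value that purification empties is rejected. It assumes a bootstrapped Yii2 application; the CommentForm class, its attributes and the sample input are hypothetical.

```php
<?php
// Added example (not from the original answer). Assumes a bootstrapped Yii2
// application. CommentForm and its attributes are hypothetical names.

use yii\base\Model;
use yii\helpers\HtmlPurifier;

class CommentForm extends Model
{
    public $title;
    public $body;

    public function rules()
    {
        return [
            // 1. Reject non-string input; the filters below are then skipped
            //    for that attribute because skipOnError defaults to true.
            [['title', 'body'], 'string'],
            // 2. Plain-text field: allow no HTML elements at all.
            ['title', 'filter', 'filter' => function ($value) {
                return trim(HtmlPurifier::process($value, ['HTML.Allowed' => '']));
            }],
            // 3. Rich-text field: keep only a short list of tags and attributes.
            ['body', 'filter', 'filter' => function ($value) {
                return HtmlPurifier::process($value, ['HTML.Allowed' => 'p,b,i,a[href]']);
            }],
            // 4. Checked after purification, so markup-only input fails here.
            [['title', 'body'], 'required'],
        ];
    }
}

// Constructed sample input, loaded without a form-name wrapper.
$form = new CommentForm();
$form->load([
    'title' => '<script>alert(1)</script>',
    'body'  => '<p onclick="x()">Hi <b>there</b></p><script>alert(1)</script>',
], '');

if ($form->validate()) {
    // Attributes now hold the purified values and can be stored.
    var_dump($form->title, $form->body);
} else {
    // A title consisting only of markup is reported as blank by "required".
    var_dump($form->getErrors());
}
```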