Cross-site Scripting

Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec up until 2007.

Wikipedia (https://en.wikipedia.org/wiki/Cross-site_scripting)

Escaping text

There are two ways to escape text in Saturn: the XSS library's Escape() function, or the Saturn Core Out() function.

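XSS Library
// Import the XSS class from the SecurityManager namespace
use Saturn\SecurityManager\XSS;
$XSS = new XSS();

// Escape $Data through the XSS library
$XSS->Escape($Data);

Saturn Core
// Core helper that calls the XSS library's Escape() for you
Out($Data);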

The Saturn Core function uses the XSS library's function, so it's often easier to just use Out() instead.
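As an added illustration (not Saturn's own code), the PHP sketch below uses a hypothetical `esc_html()` helper built on PHP's `htmlspecialchars()` as a stand-in for what an output-escaping function typically does; Saturn's actual `Escape()` and `Out()` may behave differently. It renders constructed sample values with and without escaping, and shows why escaping belongs at output time, applied once.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for an output-escaping helper, built on PHP's
// htmlspecialchars(). It is NOT Saturn's Escape() or Out() implementation.
function esc_html(string $data): string
{
    // ENT_QUOTES encodes both " and ' so the result is safe in a quoted
    // attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences rather
    // than returning an empty string.
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render a value into an HTML body context and a quoted attribute context.
function render_comment(string $author, string $body, bool $escape): string
{
    if ($escape) {
        $author = esc_html($author);
        $body   = esc_html($body);
    }
    return '<p title="' . $author . '">' . $body . '</p>';
}

// Constructed sample input, as it might arrive from a form submission.
$samples = [
    ['Alice', 'Tom & Jerry'],
    ['Bob', '<script>alert(1)</script>'],
    ['x" onmouseover="alert(1)', 'hello'],
];

foreach ($samples as [$author, $body]) {
    echo 'raw:     ', render_comment($author, $body, false), PHP_EOL;
    echo 'escaped: ', render_comment($author, $body, true), PHP_EOL, PHP_EOL;
}

// Escape once, at output time. Escaping stored data a second time
// double-encodes it and the reader sees literal entities.
$once  = esc_html('Tom & Jerry');
$twice = esc_html($once);
echo 'once:  ', $once, PHP_EOL;
echo 'twice: ', $twice, PHP_EOL;
```

HTML escaping of this kind covers element bodies and quoted attributes; values written into script blocks or URLs need encoding appropriate to that context.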
