
Cross-site Scripting


Last updated 1 year ago

Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec up until 2007.

Wikipedia (https://en.wikipedia.org/wiki/Cross-site_scripting)

Escaping text

Do not use this function for database queries. It is not designed for use with databases; use DatabaseManager to escape database queries.

There are two ways to escape text in Saturn: the XSS library's Escape() function, or the Saturn Core Out() function.

XSS Library

    <?php
    use Saturn\SecurityManager\XSS;

    $XSS = new XSS();      // the class is XSS (the original read "XXS", which does not exist)
    $XSS->Escape($Data);   // returns $Data escaped for output in HTML

Saturn Core

    Out($Data);            // wraps the XSS library's Escape() for you

The Saturn Core function uses the XSS library's function, so it's often easier to just use Out() instead.
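As an added illustration (not code from the Saturn documentation), the same user-controlled value rendered once directly and once through the XSS library. It assumes Escape() returns the escaped string, as its use as an expression above suggests, and that the `name` request parameter is the untrusted input.

```php
<?php
use Saturn\SecurityManager\XSS;

// Any request parameter is untrusted; a visitor (or a link they were
// sent) controls it completely.
$Name = $_GET['name'] ?? 'guest';

// Vulnerable: the raw value becomes part of the page's markup, so a
// value containing a script tag is executed by every browser that
// renders this page.
echo '<p>Hello, ' . $Name . '</p>';

// Hardened: escape the value before it reaches the HTML context.
// Assumption: Escape() returns the escaped string rather than echoing it.
$XSS = new XSS();
echo '<p>Hello, ' . $XSS->Escape($Name) . '</p>';

// Equivalent using the Saturn Core helper, which calls Escape() internally:
// Out($Name);
```

The escaping belongs at the point of output, not at the point of input, so the same stored value can be escaped differently for HTML and for database use (DatabaseManager).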
