Cross-site Scripting

Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec up until 2007.

Wikipedia (https://en.wikipedia.org/wiki/Cross-site_scripting)

Escaping text

You should not use the escaping functions described here for database queries.

They are not designed for use with databases; use DatabaseManager for escaping database queries.

There are two ways to escape text in Saturn: using the XSS library's Escape() function, or using the Saturn Core Out() function.

XSS Library

use Saturn\SecurityManager\XSS;
$XSS = new XSS();

// $Data holds the untrusted string that is about to be written into the page
$XSS->Escape($Data);

Saturn Core

Out($Data);

The Saturn Core Out() function calls the XSS library's Escape() internally, so it is usually simpler to use Out() directly.
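The following is an added example, not Saturn's own code, showing the escape-on-output pattern the two functions above are meant for and why the same escaping must not be applied to database input. The stand-in `escape_html()` is an assumption about what Escape()/Out() do (built on PHP's `htmlspecialchars`), and a PDO prepared statement stands in for DatabaseManager so the script runs outside Saturn (it assumes the pdo_sqlite extension).

```php
<?php
declare(strict_types=1);

// Stand-in for the XSS library's Escape() / Saturn Core Out().
// Assumed behaviour, not Saturn's implementation.
function escape_html(string $data): string
{
    // ENT_QUOTES encodes both ' and ", so the result is safe inside quoted
    // attributes as well as in element text. ENT_SUBSTITUTE keeps invalid
    // UTF-8 from turning the whole output into an empty string.
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Every user-controlled value is escaped exactly once, at the point it is
// written into HTML. Note that HTML escaping only neutralises markup; it does
// not validate that $website is an http(s) URL, which is a separate check.
function render_profile(string $displayName, string $website): string
{
    $name = escape_html($displayName);
    $site = escape_html($website);
    return '<div class="profile"><h2>' . $name . '</h2>'
         . '<a href="' . $site . '">homepage</a></div>';
}

// Stores the RAW value. HTML escaping before the INSERT would corrupt the data
// (the row would contain "&lt;" and "&quot;") and does nothing for SQL safety;
// parameter binding is what protects the query (DatabaseManager in Saturn).
function save_profile(PDO $db, string $displayName, string $website): void
{
    $stmt = $db->prepare(
        'INSERT INTO profiles (display_name, website) VALUES (:name, :site)'
    );
    $stmt->execute([':name' => $displayName, ':site' => $website]);
}

// Constructed sample input standing in for a hostile form submission.
$displayName = 'Bob <script>alert(1)</script>';
$website     = 'https://example.com/?q="quoted"';

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE profiles (display_name TEXT, website TEXT)');
save_profile($db, $displayName, $website);

// Read back and escape on output: <script> arrives as &lt;script&gt; and the
// double quotes as &quot;, so the browser renders them as plain text.
$row = $db->query('SELECT display_name, website FROM profiles')
          ->fetch(PDO::FETCH_ASSOC);
echo render_profile($row['display_name'], $row['website']), PHP_EOL;
```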
