slimphp / PHP-View

A Simple PHP Renderer for Slim 3 & 4 (or any other PSR-7 project)
MIT License

Can we do something to avoid XSS attacks? #26

Closed yixinrock closed 8 years ago

yixinrock commented 8 years ago

Just code as follows:

    // PHP-View passes this value to home.phtml unchanged; nothing escapes it
    $name = '<script>alert("1");</script>';
    $renderer->render($response, "home.phtml", ['name' => $name]);

akrabat commented 8 years ago

If you're using PHP-View rather than Twig-View, then it is the developer's responsibility to use htmlspecialchars() or zend-escaper.

We should probably note this in the README.
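The point above in working form, as an added example that is not part of this issue or of the PHP-View code base: a small `e()` escaping helper built on `htmlspecialchars()`, and a constructed `renderTemplate()` stand-in that mimics how a `.phtml` template is included with its data extracted into scope. The two template files, their paths and the function names are assumptions made for this example; the payload string is the one from the issue.

```php
<?php
declare(strict_types=1);

// Escape a value for output inside an HTML element or attribute.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string, so output is never silently dropped.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed stand-in for a PHP-View render (not the PhpRenderer class):
// the template is included with the data array extracted into its scope and
// its output captured with output buffering.
function renderTemplate(string $templatePath, array $data): string
{
    extract($data, EXTR_SKIP);
    ob_start();
    try {
        include $templatePath;
        return (string) ob_get_clean();
    } catch (\Throwable $t) {
        ob_end_clean();
        throw $t;
    }
}

// Two constructed templates: the first echoes the variable raw, the second
// passes it through e() first. Plain PHP templates do not escape on their own.
$dir = sys_get_temp_dir();
file_put_contents("$dir/home_unsafe.phtml", '<p>Hello <?= $name ?></p>');
file_put_contents("$dir/home_safe.phtml", '<p>Hello <?= e($name) ?></p>');

// The payload from the issue.
$name = '<script>alert("1");</script>';

echo renderTemplate("$dir/home_unsafe.phtml", ['name' => $name]), PHP_EOL;
echo renderTemplate("$dir/home_safe.phtml", ['name' => $name]), PHP_EOL;
```

Run with the PHP CLI: the first line prints the `<script>` element intact, which a browser would execute; the second prints it with `<`, `>` and `"` turned into HTML entities, so the browser shows the text rather than running it. In a real PHP-View project the same rule applies inside every `.phtml`: every untrusted value goes through `e()` (or an escaper library) at the point of output, in the context it is printed into.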

akrabat commented 8 years ago

README updated.