business-decision/query-security-bundle

Symfony QuerySecurityBundle

Installs: 6,149

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Forks: 1

Type: symfony-bundle

1.0 2023-12-04 10:46 UTC

This package is not auto-updated.

Last update: 2024-09-25 09:50:26 UTC


README

Work in progress: Bundle

Installation

Composer require

Configuration

File path: config/packages/query_security.yaml

parameters:
  # Protection applied to all fields
  render_response_on_exception: true # render a response instead of an exception (exceptions in the kernel.request event are not caught)
  html_escaped: true # all fields are passed to the strip_tags function
  denied: ['<script>','javascript', 'http', '//']  # banned words in field values
  escaped: ['redirect']  # words removed from the value

  # Per-query-parameter configuration
  parameters:
     fieldname:
        denied: ['<script>','javascript', 'http', '//']
        
        # Can be a static method or a function set in bootstrap.php
        validator: ['callbackFunctionName']

        # Can access a submitted subfield if the field is an array
        subfield:
            html_escaped: false

## TODO

[ ] Better configuration