Sanitizes data so that Cross Site Scripting (XSS) attacks can be prevented. This method does a fair amount of work, but it is extremely thorough, designed to prevent even the most obscure XSS attempts. Nothing is ever 100% foolproof, of course, but I haven't been able to get anything past the filter.

Note: Should only be used to deal with data upon submission. It's not something that should be used for general runtime processing.
```php
public xss_clean ( mixed $str ) : string | array | boolean
```

| Parameter | Type | Description |
|---|---|---|
| `$str` | mixed | input data, e.g. string or array |
| return | string \| array \| boolean | boolean: returns a boolean if the "is_image" parameter is true; string: returns a string if the input is a string; array: returns an array if the input is an array |
```php
public function post(Request $request, AntiXSS $xss, \Swift_Mailer $mailer, array $vars)
{
    // Clean each submitted field once, at submission time.
    $name    = $xss->xss_clean($request->request->get('name'));
    $mail    = $xss->xss_clean($request->request->get('mail'));
    $message = $xss->xss_clean($request->request->get('message'));

    $return = [
        'name'    => $name,
        'mail'    => $mail,
        'message' => $message,
    ];

    return $return;
}
```
```php
/**
 * Remove XSS from HTML.
 *
 * @return Stringy
 */
public function removeXss()
{
    // Reuse a single AntiXSS instance across calls.
    static $antiXss = null;

    if ($antiXss === null) {
        $antiXss = new AntiXSS();
    }

    $str = $antiXss->xss_clean($this->str);

    return static::create($str, $this->encoding);
}
```
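The following is an added example, not code from the AntiXSS library or this page. It shows `xss_clean()` applied to a whole submitted payload (the method accepts a string or a nested array and returns the same shape), and it keeps the sanitizer at submission time while still escaping for the HTML context on output, as the note above requires. It assumes a Composer autoloader, the class `voku\helper\AntiXSS`, and that this library version provides `isXssFound()` to report whether the last call stripped anything; the sample submission is constructed.

```php
<?php
// Added example (not from the AntiXSS docs). Assumes Composer autoload and
// the voku\helper\AntiXSS class; the submission below is constructed.
require __DIR__ . '/vendor/autoload.php';

use voku\helper\AntiXSS;

/**
 * Clean a submitted payload on submission. xss_clean() accepts a string or
 * an array and returns the same shape, so nested form data can be passed whole.
 *
 * @param AntiXSS      $xss
 * @param string|array $data
 * @return string|array
 */
function cleanSubmission(AntiXSS $xss, $data)
{
    return $xss->xss_clean($data);
}

/**
 * Escape one already-cleaned value for the HTML body context.
 * xss_clean() is a submission-time filter, not an output encoder.
 */
function renderField(string $field, $value): string
{
    $text = is_array($value) ? implode(', ', $value) : (string) $value;

    return htmlspecialchars($field, ENT_QUOTES, 'UTF-8') . ': '
        . htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample submission containing a few textbook XSS vectors.
$submitted = [
    'name'    => 'Alice <script>alert(1)</script>',
    'website' => 'javascript:alert(document.cookie)',
    'tags'    => ['ok', '<img src=x onerror=alert(1)>'],
];

$xss   = new AntiXSS();
$clean = cleanSubmission($xss, $submitted);

// isXssFound() is assumed to exist on this AntiXSS version; it reports whether
// the last xss_clean() call removed anything, which is worth logging so that
// rejected submissions show up in monitoring.
if (method_exists($xss, 'isXssFound') && $xss->isXssFound()) {
    error_log('AntiXSS removed a payload from a form submission');
}

// Output stage: the stored values are cleaned, but escaping still happens here.
foreach ($clean as $field => $value) {
    echo renderField($field, $value), PHP_EOL;
}
```

The `method_exists()` guard keeps the script running on an older library version without that helper; in your own code, pin the library version and call `isXssFound()` directly. Sanitizing on submission reduces what reaches storage, but the `htmlspecialchars()` step at output is what guarantees a safe HTML context regardless of how the data got into the database.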