What library do you recommend to replace CakePHP sanitization?

Asked 2 months ago, Updated 2 months ago, 2 views

I heard that Sanitize of CakePHP will be discontinued, so I am looking for a library that can be used as a native PHP instead.

I've only touched CakePHP, so I don't know what's standard and trustworthy, so please let me know.


2022-09-30 11:10

1 Answers

You can use the PHP standard htmlspecialchars() instead of Sanitize::html().For tag removal, there is also a function with the same name as tripTags() in the PHP standard.

As for escape(), if you were using it, it means that you are either assembling SQL with strings or accidentally escaping unnecessary situations where you don't need to escape.In rare cases, escape() is required.Unless you understand it and use it, you are using it incorrectly.

If you don't know how wrong it is, or if you're using another Sanitize function clean(), you might want to review why you need an escape.I will introduce you to the book "How to Create a Secure Web Application to Learn Systematically", so I recommend that you read it through it.

The rest of the functions are simple string replacements, so you can implement them on your own if you need them.

2022-09-30 11:10

If you have any answers or tips

© 2022 OneMinuteCode. All rights reserved.