InputXssGuard
in package
Read onlyYes
FinalYes
Guards selected request parameters against suspicious reflected XSS payloads.
Table of Contents
Constants
- MONITORED_FIELDS = ['deleted', 'search', 'action', 'newname', 'info', 'content', 'signature', 'noconfirmation', 'field']
- SVG_ONLOAD_PATTERN = '<svg/onload='
Properties
Methods
- __construct() : mixed
- checkRun() : void
- handleDetectedPayload() : void
- isSuspiciousPayload() : bool
- readInputValue() : string|null
Constants
MONITORED_FIELDS
private
mixed
MONITORED_FIELDS
= ['deleted', 'search', 'action', 'newname', 'info', 'content', 'signature', 'noconfirmation', 'field']
SVG_ONLOAD_PATTERN
private
mixed
SVG_ONLOAD_PATTERN
= '<svg/onload='
Properties
$input
private
Input
$input
Methods
__construct()
public
__construct(Input $input) : mixed
Parameters
- $input : Input
checkRun()
public
checkRun() : void
handleDetectedPayload()
private
handleDetectedPayload() : void
isSuspiciousPayload()
private
isSuspiciousPayload(string $value, string $fieldName) : bool
Parameters
- $value : string
- $fieldName : string
Return values
boolreadInputValue()
private
readInputValue(string $fieldName) : string|null
Parameters
- $fieldName : string