Auke edited this page Jul 2, 2014 · 2 revisions

noxss is an XSS attack detection and prevention class. It contains two methods, detect and prevent. The detect() method must be called at the start of handling any request, e.g. in your front controller or router. The prevent() method must be called at the end of handling any request.

Usage:

<?php
    \arc\noxss::detect();

    // handle request normally

    \arc\noxss::prevent();
?>

If any suspicious characters are found in any input argument, detect() starts an output buffer. prevent() then inspects that buffer: if any of the suspicious input values appears in it as-is (that is, it was reflected into the page without escaping), prevent() sends a '400 Bad Request' header and discards the generated output instead of sending it.

If you want to handle the bad request yourself, you can pass a callback function to prevent(). It will only be called in the case of a bad request and the only argument to the callback is the generated output.
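As an added illustration of the flow described above (not the arc\noxss source), here is a minimal detect()/prevent() pair that takes the request input as an array argument (an assumption; the class on this page takes none) and accepts the optional bad-request callback:

```php
<?php
// Added illustration, not the arc\noxss source. Assumptions: request input is
// passed in as an array, and a value is "suspicious" when it contains a
// character that can open a tag, attribute or script context.
final class NoxssDemo
{
    private static array $suspicious = []; // input values flagged by detect()

    /** Start of request: remember suspicious inputs and begin buffering output. */
    public static function detect(array $input): void
    {
        self::$suspicious = [];
        foreach ($input as $value) {
            if (is_string($value) && preg_match('/[<>"\']/', $value)) {
                self::$suspicious[] = $value;
            }
        }
        if (self::$suspicious !== []) {
            ob_start();
        }
    }

    /** End of request: refuse output that echoes a flagged input verbatim. */
    public static function prevent(?callable $onBadRequest = null): void
    {
        if (self::$suspicious === []) {
            return; // nothing was flagged, so output was never buffered
        }
        $output = (string) ob_get_clean();
        foreach (self::$suspicious as $value) {
            if (strpos($output, $value) !== false) {
                http_response_code(400); // reflected unescaped: withhold the page
                if ($onBadRequest !== null) {
                    $onBadRequest($output); // caller renders its own error response
                }
                return;
            }
        }
        echo $output; // every flagged value was escaped or absent: safe to send
    }
}

// Constructed request: ?name=<b>guest</b>
$input = ['name' => '<b>guest</b>'];
NoxssDemo::detect($input);
echo '<p>Hello, ' . htmlspecialchars($input['name'], ENT_QUOTES) . '</p>'; // escaped, so sent
NoxssDemo::prevent(function (string $page): void {
    echo 'Request blocked: the page would have reflected raw input.';
});
```

Remove the htmlspecialchars() call from the echo and prevent() withholds the page, sets the 400 status and invokes the callback instead.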
