How can I secure my CakePHP 1.3 site against XSS? Currently I am using $this->Form->create to make the form, and I've also tried adding Security to the Components array without any success. Suppose I load the following JavaScript code into my comments box: that code goes all the way through to the database, and if I approve that comment, it will show a button where the comment is supposed to be returned. And if I click on it, an alert box will pop up with "XSS Alert?":
<form>
<input type="button" onclick="alert('XSS Alert?')" value="Confirmation Alert">
</form>
How can I secure my CakePHP site and prevent things like this from happening?
Thanks,
CakePHP will not protect you against that.
The Security component is there to make sure your form was not tampered with.
You will need to use PHP built-in functions like htmlentities() or the CakePHP Sanitize class.
You can either do it in the beforeSave or beforeValidate callbacks, or at the view level if you want to keep the original data.
http://book.cakephp.org/1.3/en/view/1185/html
http://ca.php.net/manual/en/function.htmlentities.php
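The two approaches the answer describes, escaping at the view level versus escaping in a beforeSave callback, worked through on the exact payload from the question. This is an added example, not code from the thread or from CakePHP itself; it is plain PHP that runs from the command line without the framework, and the `Comment.body` field name and the array shape passed to `escapeBeforeSave()` are assumptions made for illustration.

```php
<?php
// Added example (not from the original thread). Plain PHP, runnable with
// `php xss_escape.php`; it does not require CakePHP. The comment payload is
// the one posted in the question, embedded here as constructed sample data.

// The stored comment exactly as the poster described it reaching the database.
$storedComment = '<form>' . "\n"
    . '<input type="button" onclick="alert(\'XSS Alert?\')" value="Confirmation Alert">' . "\n"
    . '</form>';

// View-level escaping. htmlspecialchars() with ENT_QUOTES is what CakePHP 1.3's
// h() helper wraps; ENT_QUOTES matters because without it a single quote
// survives and can still break out of a value='...' attribute.
function escapeForHtml($text, $charset = 'UTF-8')
{
    return htmlspecialchars($text, ENT_QUOTES, $charset);
}

// Save-time alternative (the beforeSave approach from the answer): escape once
// before the row is written. The original markup is then lost, which is why
// the answer points to view-level escaping if you want to keep the raw data.
// Assumed input shape: array('Comment' => array('body' => '...')).
function escapeBeforeSave(array $data)
{
    if (isset($data['Comment']['body'])) {
        $data['Comment']['body'] = escapeForHtml($data['Comment']['body']);
    }
    return $data;
}

// Unsafe rendering: the browser parses the stored comment as markup and shows
// the "Confirmation Alert" button from the question.
$unsafe = '<div class="comment">' . $storedComment . '</div>';

// Safe rendering: the same bytes, but < > " ' & are entity-encoded, so the
// browser displays the text of the payload instead of interpreting it.
$safe = '<div class="comment">' . escapeForHtml($storedComment) . '</div>';

// Same result via the save-time path, using the assumed Comment.body shape.
$saved = escapeBeforeSave(array('Comment' => array('body' => $storedComment)));

echo "Unsafe output:\n$unsafe\n\n";
echo "Escaped (view-level) output:\n$safe\n\n";
echo "Escaped (beforeSave) body:\n" . $saved['Comment']['body'] . "\n\n";

// Self-check: after escaping, no '<' from the payload survives, so no tag
// and therefore no onclick handler can be parsed out of it.
$payloadEscaped = escapeForHtml($storedComment);
$stillHasTags = (strpos($payloadEscaped, '<') !== false);
echo 'Escaped payload still contains raw tags? ' . ($stillHasTags ? 'YES' : 'no') . "\n";
```

In a CakePHP 1.3 view the view-level line is simply `<?php echo h($comment['Comment']['body']); ?>`; in the model, the `escapeBeforeSave()` logic would live in `Comment::beforeSave()` operating on `$this->data`. Escape exactly once: running the beforeSave version and then h() in the view double-encodes, turning `&lt;` into `&amp;lt;` on screen.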