I am writing a web app in PHP that calls a couple APIs. The content from these APIs cannot be trusted and I want to filter it for XSS before displaying it to the user. Which MVC layer is appropriate to perform the XSS filter?
I found some similar questions on Stack Overflow and an answer by Quentin seems like the best way to answer this question. I’d summarize his answer as this:
Data should be sanitized just before it is used.
Since I am getting untrusted data from an API and displaying it in a View, I filter it for XSS there.
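As an added illustration of filtering in the View (not code from the original post), the PHP template below keeps the API data raw until output and escapes it there for each output context. The `$item` array is constructed sample data, and the helper names `e`, `e_url` and `e_js` are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample: what a model/controller might hand to the view after
// decoding an untrusted API response. It is stored and passed around raw.
$item = [
    'title' => '<script>alert(1)</script> Weekly "digest"',
    'link'  => 'javascript:alert(1)',
    'id'    => "42' onclick='x",
];

/** Escape for HTML text and quoted attribute values (hypothetical helper). */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Allow only http(s) URLs in href/src, then escape for the attribute. */
function e_url(string $url): string
{
    // parse_url() returns null/false when there is no usable scheme.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? e($url) : '#';
}

/** Encode a value as a JavaScript literal for use inside a <script> block. */
function e_js(mixed $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}
?>
<!-- View template: each value is escaped at the point of output, for its context -->
<article data-id="<?= e($item['id']) ?>">
  <h2><?= e($item['title']) ?></h2>
  <a href="<?= e_url($item['link']) ?>">Read more</a>
</article>
<script>
  const title = <?= e_js($item['title']) ?>;
</script>
```

HTML entity escaping alone does not neutralize a `javascript:` URL in `href`, which is why the link goes through a scheme allowlist before it is escaped.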