Validation (vs) Sanitization in Symfony2+Twig?

Tagged: symfony


  1. You should not worry at all about input sanitization; Doctrine is immune to SQL injection.

  2. By default, all output is escaped. So even if $text has script tags, it will be escaped; visible as text but not executed by the browser. And if you want to have http://example.com clickable, there are jQuery plugins that can do that for you.

  3. I would only put validation; there is

    new Symfony\Component\Validator\Constraints\Url();

available for you.
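As an added example (not code from the answer above), this script shows the two steps the answer keeps separate: the Validator component's Url constraint rejecting non-http(s) input, and Twig's autoescaping turning a script tag in the accepted data into inert text at output time. It assumes symfony/validator and twig/twig are installed through Composer; the template, the sample inputs and the `comment` template name are constructed for the demo.

```php
<?php
// Added example: validate a user-supplied URL, then render untrusted text with
// Twig autoescaping on. Assumes vendor/autoload.php from Composer.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\Validator\Constraints\Url;
use Symfony\Component\Validator\Validation;
use Twig\Environment;
use Twig\Loader\ArrayLoader;

// Constructed sample inputs: one acceptable URL and two that must be rejected.
$inputs = [
    'http://example.com/?q=1',
    'ftp://example.com/file',        // not in the default protocols (http, https)
    '<script>alert(1)</script>',     // not a URL at all
];

// Input side: validation, as the answer recommends. Url() only checks shape;
// it does not transform the value, so escaping is still needed at output.
$validator = Validation::createValidator();
$accepted = [];
foreach ($inputs as $url) {
    $violations = $validator->validate($url, new Url());
    if (count($violations) > 0) {
        printf("rejected  %s (%s)\n", $url, $violations[0]->getMessage());
        continue;
    }
    printf("accepted  %s\n", $url);
    $accepted[] = $url;
}

// Output side: with autoescape enabled, {{ text }} is HTML-escaped automatically;
// the link goes into an attribute, so the stricter html_attr strategy is applied.
$twig = new Environment(new ArrayLoader([
    'comment' => '<p>{{ text }}</p>'
              . '<a href="{{ link|e(\'html_attr\') }}">{{ link }}</a>',
]), ['autoescape' => 'html']);

echo $twig->render('comment', [
    'text' => '<script>alert(1)</script>',  // constructed hostile comment body
    'link' => $accepted[0],                   // the URL that passed validation
]), "\n";
```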


There is also a nice Symfony2 bundle that allows users to implement input filtering in entities using annotations. Like this:

    /**
     * @Filter\StripTags()
     * @Filter\Trim()
     * @Filter\StripNewlines()
     *
     * @var string
     */
    public $email;

The bundle: dms-filter-bundle


I think Symfony and CakePHP are frameworks, and the save process can't correctly know the input context and what it will save into the DB. The developer knows the context (whether it's a URL, HTML, SQL, etc.), even when outputting data, so output sanitization is often chosen; and if the developer wants to implement input sanitization, he always can, using some existing tools.

You can use HTML Purifier to "purify" all user inputs.

https://github.com/Exercise/HTMLPurifierBundle