{"id":18742645,"url":"https://github.com/symphonycms/xssfilter","last_synced_at":"2025-09-10T16:42:57.960Z","repository":{"id":1115882,"uuid":"986079","full_name":"symphonycms/xssfilter","owner":"symphonycms","description":"An XSS filter for Events in Symphony CMS","archived":false,"fork":false,"pushed_at":"2018-06-12T15:52:59.000Z","size":20,"stargazers_count":27,"open_issues_count":3,"forks_count":18,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-07-06T00:33:50.918Z","etag":null,"topics":["symphony-cms","symphony-cms-extension"],"latest_commit_sha":null,"homepage":"http://symphonyextensions.com/extensions/xssfilter/","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/symphonycms.png","metadata":{"files":{"readme":"README.markdown","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2010-10-14T05:16:54.000Z","updated_at":"2021-11-27T04:58:55.000Z","dependencies_parsed_at":"2022-08-16T12:05:14.139Z","dependency_job_id":null,"html_url":"https://github.com/symphonycms/xssfilter","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/symphonycms/xssfilter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/symphonycms%2Fxssfilter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/symphonycms%2Fxssfilter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/symphonycms%2Fxssfilter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/symphonycms%2Fxssfilter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/symphonycms","download_url":"https://codeload.github.com/symphonycms/xssfilter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/symphonycms%2Fxssfilter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274488306,"owners_count":25294702,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-10T02:00:12.551Z","response_time":83,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["symphony-cms","symphony-cms-extension"],"created_at":"2024-11-07T16:08:52.876Z","updated_at":"2025-09-10T16:42:57.939Z","avatar_url":"https://github.com/symphonycms.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cross-Site Scripting (XSS) Filter\n\n## Description\n\nProtect yourself against XSS and XSRF attacks in form submissions.\n\n## Installation\n\n1. Place the `xssfilter` folder in your Symphony `extensions` directory.\n2. Go to _System \u003e Extensions_, select \"Cross-Site Scripting (XSS) Filter\", choose \"Enable\" from the with-selected menu, then click Apply.\n\n## Usage\n\n### XSS\n\n1. Go to _Blueprints \u003e Components_ and click the name of the event whose input you want to filter.\n2. In the \"Filters\" section, select \"Filter XSS: Fail if malicious input is detected\"\n3. Save your event\n4. Pirouette\n\nAdditionally, the XSS Filter can be used directly in your extensions via `Extension_XSSFilter::detectXSS($string)` which takes a string and returns boolean if XSS is detected.\n\n#### Frontend Utilities\nAs of XSS Filter 1.4, this extension provides five context aware functions that can be used on the frontend to filter malicious data. These functions are designed to be used in five areas, attributes (`attributeContextCleaner`), style (`styleContextCleaner`), script (`scriptContextCleaner`), url (`urlContextCleaner`) and html (`htmlContextCleaner`). Thanks to [Ashar Javed](http://www.nds.rub.de/chair/people/JAsh/) ([@soaj1664ashar](https://twitter.com/soaj1664ashar)) for reaching out and sharing his work.\n\nExample usage:\n\n\t\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\t\u003cxsl:stylesheet version=\"1.0\"\n\t\txmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" xmlns:php=\"http://php.net/xsl\" extension-element-prefixes=\"php\"\u003e\n\n\t\t\u003cxsl:template match=\"/\"\u003e\n\t\t\t\u003cp\u003eHello there, \u003ca href=\"{php:functionString('urlContextCleaner', '$root')}\"\u003eclick on my XSS safe link\u003c/a\u003e\u003c/p\u003e\n\t\t\u003c/xsl:template\u003e\n\n\t\u003c/xsl:stylesheet\u003e\n\n#### Notes\n\nThe XSS Filter, as mentioned above is very strict. It defaults to a high level of protection, and users who want to be more permissive with their input should be savvy enough to filter that input accordingly before rendering the content on the front end.\n\nThe filter disallows the following HTML elements: `meta`, `link`, `style`, `script`, `embed`, `object`, `iframe`, `frame`, `frameset`, `title`, and a few other more obscure ones.\n\n### XSRF\n\n1. Go to _Blueprints \u003e Components_ and click the name of the event whose input you want to filter.\n2. In the \"Filters\" section, select \"Validate XSRF: Ensure request was passed with a XSRF token\"\n3. Save your event\n4. In your POST request, ensure `$_POST['xsrf']` is set with a valid token (available via params `{$cookie-xsrf-token}`)\n\nAdditionally, the XSRF Filter can be used directly in your extensions via `XSRF::validateToken($token)` which takes a string and returns boolean if it is not valid.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsymphonycms%2Fxssfilter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsymphonycms%2Fxssfilter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsymphonycms%2Fxssfilter/lists"}