https://github.com/amashigeseiji/cake_viewvalue



# ViewValue Plugin for CakePHP
[![Build Status](https://travis-ci.org/amashigeseiji/cake_ViewValue.svg?branch=dev)](https://travis-ci.org/amashigeseiji/cake_ViewValue) [![Coverage Status](https://coveralls.io/repos/amashigeseiji/cake_ViewValue/badge.svg?branch=dev)](https://coveralls.io/r/amashigeseiji/cake_ViewValue?branch=dev)

This plugin helps secure your CakePHP application against XSS injection by automatically escaping View variables.

## Requirements

* PHP >= 5.5
* CakePHP >= 2.6

## Setup

In `Config/bootstrap.php`:

```php
// Load ViewValue plugin
CakePlugin::load('ViewValue');
```

and in `Controller/AppController.php`:

```php
public $helpers = array('ViewValue.ViewValue');
```

#### Notice

If variables are already escaped with the `h()` helper in your view files, you should remove the `h()` calls.
Otherwise they may cause double escaping.

## Description

This plugin converts View variables of type `String`/`Array`/`Object` into instances of `StringViewValue`/`ArrayViewValue`/`ObjectViewValue`.
They behave like their original variable types.
If the need arises, you can get the raw value by calling the `raw()` method in the view file.
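
The wrapper idea described above, as an added sketch that is not the plugin's own code: `esc()`, `EscapedString` and `EscapedArray` are hypothetical stand-ins for the plugin's classes, escaping via `htmlspecialchars()` is an assumption, and the syntax targets PHP 8 rather than the plugin's stated minimum. The last line shows the double escaping that the setup notice warns about.

```php
<?php
// Illustrative sketch only: hypothetical classes, not the ViewValue plugin's source.
function esc(mixed $value): string {
    // Assumption: HTML-context escaping via htmlspecialchars(), as CakePHP's h() does.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

class EscapedString {
    public function __construct(private string $value) {}
    // echo and string concatenation in a view get the escaped form.
    public function __toString(): string { return esc($this->value); }
    // Explicit opt-out: returns the unescaped value, for trusted markup only.
    public function raw(): string { return $this->value; }
}

class EscapedArray implements ArrayAccess, IteratorAggregate, Countable {
    public function __construct(private array $items) {}
    // Wrap on access so nested arrays are covered at any depth.
    private function wrap(mixed $v): mixed {
        if (is_array($v)) { return new self($v); }
        return is_string($v) ? new EscapedString($v) : $v;
    }
    public function offsetExists(mixed $k): bool { return isset($this->items[$k]); }
    public function offsetGet(mixed $k): mixed { return $this->wrap($this->items[$k]); }
    public function offsetSet(mixed $k, mixed $v): void { throw new LogicException('read-only'); }
    public function offsetUnset(mixed $k): void { throw new LogicException('read-only'); }
    public function getIterator(): Iterator {
        $out = [];
        foreach ($this->items as $k => $v) { $out[$k] = $this->wrap($v); }
        return new ArrayIterator($out);
    }
    public function count(): int { return count($this->items); }
    public function raw(): array { return $this->items; }
}

// Constructed sample values standing in for what a controller passes to the view.
$str = new EscapedString('<script>alert(0)</script>');
$arr = new EscapedArray(['<b>x</b>', 'hoge', ['fuga', ['"q"']]]);

echo $str, "\n";           // escaped when printed
echo $str->raw(), "\n";    // unescaped original
echo $arr[0], "\n";        // top-level element escaped
echo $arr[2][1][0], "\n";  // nested element escaped
foreach ($arr as $v) { if ($v instanceof EscapedString) { echo $v, "\n"; } }
echo esc($str), "\n";      // double escaping: escaping an already-escaping wrapper
```

Escaping of this kind covers HTML body and quoted-attribute contexts only; values placed into inline JavaScript, URLs or CSS need context-specific encoding.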

## Sample code

`StringViewValue` acts as a string.
```php
// Controller/SampleController.php
public function index() {
    $this->set('xssstr', 'alert(0)');
}
```
```html


<?php echo $xssstr->raw(); ?>
```

and `ArrayViewValue` acts as an array.
```php
// Controller/SampleController.php
public function index() {
    $this->set('arr', array('alert(0)', 'hoge', array('fuga', array('hoge', 'fuga'))));
}
```
```html



```