I've just installed Symphony and logged into the admin area.

I've seen the Cross-Site Scripting (XSS) Filter is enabled by default. Why is that so? Shouldn't the site work with this filter disabled by default or is it a security risk for the core Symphony code to not have it enabled?

Cross-Site Scripting (XSS) Filter provides a Filter that can be attached to Events in order to filter incoming data for malicious input.

It is a good idea to add this Filter to all events that you create.

Are the built-in Events prone to malicious input?

Are the built-in Events prone to malicious input?

Any part of any website is prone to malicious input. So the XSS filter aims to strip this out.
