Cross-Site Scripting (XSS) Filter
This is an open discussion with 3 replies, filed under Installation.
Search
Cross-Site Scripting (XSS) Filter
provides a Filter that can be attached to Events in order to filter incoming data for malicious input.
It is a good idea to add this Filter to all events that you create.
Are the build-in Events prone to malicious input?
Are the build-in Events prone to malicious input?
Any part of any website is prone to malicious input. So the XSS filter aims to strip this out.
Create an account or sign in to comment.
I've just installed Symphony and logged into the admin area.
I've seen the Cross-Site Scripting (XSS) Filter is enabled by default. Why is that so? Shouldn't the site work with this filter disabled by default or is it a security risk for the core Symphony code to not have it enabled?