XSS - prevention in Twig

<h1>Automatic escaping output</h1>
Any type of response can be created with the Response class by setting the appropriate content and headers. A JSON response might look like this:

To avoid XSSI ("JSON hijacking"), pass an associative array as the outermost array to JsonResponse rather than an indexed array, so that the encoded result is a JSON object (e.g. {"object": "not inside an array"}) instead of a bare array (e.g. [{"object": "inside an array"}]). A top-level array literal is also valid JavaScript that a malicious page can load with a cross-site <script src> tag, whereas a top-level object literal is a syntax error when executed as a script. Read the OWASP guidelines for more information.
Only endpoints that respond to GET requests are vulnerable to XSSI JSON hijacking, because the attack loads the JSON URL through a cross-site <script src> tag, which can only issue a GET. Endpoints that respond only to POST are unaffected.
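The two JsonResponse shapes discussed above, side by side, as an added example that is not code from the original page or from Symfony itself. It assumes Symfony's HttpFoundation component is installed and that the Composer autoloader lives at vendor/autoload.php; the user data and the topLevelType() helper are constructed for the example.

```php
<?php
// Added example, not code from the original page. It assumes Symfony's
// HttpFoundation component is installed (composer require symfony/http-foundation)
// and that the Composer autoloader sits at vendor/autoload.php.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Response;

// Constructed sample data standing in for a database query result.
$users = [['name' => 'alice'], ['name' => 'bob']];

// The generic route: any response type via Response, setting content and headers by hand.
$manual = new Response(
    json_encode(['users' => $users]),
    Response::HTTP_OK,
    ['Content-Type' => 'application/json']
);

// Hijackable shape: an indexed array at the top level encodes to a bare JSON array.
// A bare array literal is also valid JavaScript, so a malicious page could include this
// URL with <script src="..."> and, in browsers that let a page redefine Array, read it.
$hijackable = new JsonResponse($users);

// Recommended shape: an associative array at the top level encodes to a JSON object.
// A top-level object literal is a syntax error when executed as a script, so the
// <script src> trick yields nothing. JsonResponse also sets Content-Type itself and
// encodes <, >, ', " and & as \uXXXX escapes, so values cannot break out of an HTML
// context that later embeds the body verbatim.
$safe = new JsonResponse(['users' => $users]);

// Constructed helper: the first non-whitespace byte of the body tells a reviewer
// (or a test) whether the response is a hijackable array or an object.
function topLevelType(Response $response): string
{
    return ltrim($response->getContent())[0] === '[' ? 'array' : 'object';
}

echo topLevelType($hijackable), ': ', $hijackable->getContent(), PHP_EOL;
echo topLevelType($safe), ': ', $safe->getContent(), PHP_EOL;
echo topLevelType($manual), ': ', $manual->getContent(), PHP_EOL;
```

Run it with `php example.php`: the first line starts with `[` and is the shape to avoid on GET endpoints, the other two start with `{`. The Response-built variant is object-shaped only because the caller wrapped the data by hand; JsonResponse with an associative array makes that the default rather than something each controller has to remember.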
<script>window.alert("XSS problems...");</script>
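How Twig's automatic escaping handles the payload above, as an added example that is not code from the original page or from Twig itself. It assumes Twig is installed via Composer with the autoloader at vendor/autoload.php; the three inline templates and the payload variable are constructed for the example.

```php
<?php
// Added example, not code from the original page. It assumes Twig is installed
// (composer require twig/twig) and the Composer autoloader sits at vendor/autoload.php.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

// Three inline templates, constructed for this example, showing the escaping choices.
$loader = new ArrayLoader([
    // Default: every {{ }} output is escaped for the HTML context.
    'safe.html.twig'   => '<p>Hello {{ name }}</p>',
    // |raw switches escaping off for that expression. Only for trusted, pre-escaped markup.
    'unsafe.html.twig' => '<p>Hello {{ name|raw }}</p>',
    // Inside a <script> block the HTML strategy is the wrong one; use the js strategy.
    'script.html.twig' => "<script>var who = \"{{ name|e('js') }}\";</script>",
]);

// 'html' is Twig's default autoescape strategy; it is spelled out here to make the point visible.
$twig = new Environment($loader, ['autoescape' => 'html']);

// Constructed attacker-controlled input: the payload shown on the page.
$payload = '<script>window.alert("XSS problems...");</script>';

foreach (['safe.html.twig', 'unsafe.html.twig', 'script.html.twig'] as $template) {
    echo $template, ' => ', $twig->render($template, ['name' => $payload]), PHP_EOL;
}
```

The html strategy is htmlspecialchars with ENT_QUOTES, so in the first template the `<`, `>` and `"` of the payload come out as `&lt;`, `&gt;` and `&quot;` and the browser displays the text instead of running it. The second template emits the payload verbatim and the alert fires, which is why |raw belongs only on markup you already trust. The third shows that escaping is context-specific: inside a quoted JavaScript string the js strategy encodes quotes and angle brackets so the value can neither close the string literal nor terminate the <script> tag.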
Date: 2016-01-04
Published by: kc
Views: 266