You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Nette Framework puts a great effort to be safe and since forms are the most common user input, Nette forms are as good as impenetrable. All is maintained dynamically and transparently, nothing has to be set manually.
In addition to protecting the forms agains attack well-known vulnerabilities such as [Cross-Site Scripting (XSS) |vulnerability-protection#cross-site-scripting-xss] and [Cross-Site Request Forgery (CSRF)|vulnerability-protection#cross-site-request-forgery-csrf] it does a lot of small security tasks that you no longer have to think about.
In addition to protecting the forms against attacks targeted at well-known vulnerabilities such as [Cross-Site Scripting (XSS) |vulnerability-protection#cross-site-scripting-xss] and [Cross-Site Request Forgery (CSRF)|vulnerability-protection#cross-site-request-forgery-csrf], it does a lot of small security tasks that you no longer have to think about.
For example, it filters out all control characters from the inputs and checks the validity of the UTF-8 encoding, so that the data from the form will always be clean. For select boxes and radio lists, it verifies that the selected items were actually from the offered ones and there was no forgery. We've already mentioned that for single-line text input, it removes end-of-line characters that an attacker could send there. For multiline inputs, it normalizes the end-of-line characters. And so on.
