Skip to content
This is a demo website for anti-xss via PHP. | http://anti-xss-demo.suckup.de/
JavaScript CSS HTML PHP Ruby
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
app
web
.editorconfig
.gitignore
.htaccess
LICENSE.md
README.md
composer.json
phpcs.php_cs

README.md

Anti-XSS (Slim + Twig + AntiXSS for Twig)

This is a Demo for the Anti-XSS package.

======================================================

Installation

The instructions below assume you are running a LAMP stack in Ubuntu or any other apt-based distributions. To allow Slim to route with clean path syntax, you need to enable the url rewrite module.

sudo a2enmod rewrite
sudo service apache2 restart

Suppose your document root is in /var/www, clone the repository as follows:

cd /var/www
git clone https://github.com/voku/anti-xss-demo anti-xss-demo

The required vendor libraries can be installed/updated using Composer. Go to the project root (where you see the file composer.json) and run the following command:

cd ./anti-xss-demo
composer install

Then, update your apache config file to set your document root to the web subdirectory. This helps to secure your scripts which should normally be put inside the app/ folder.

<VirtualHost *:80>
	DocumentRoot /var/www/anti-xss-demo/web
	ServerName anti-xss-demo.example.com
</VirtualHost>

Note that in order to make the .htaccess effective, your main apache config file must allow subdirectory to override it.

<Directory "/var/www">
	AllowOverride All
</Directory>

Database Example:

CREATE TABLE `xss` (
	`id` INT(11) NOT NULL AUTO_INCREMENT,
	`xss` TEXT NOT NULL,
	`desc` TEXT NOT NULL,
	`keywords` VARCHAR(50) NULL DEFAULT '',
	`author` VARCHAR(50) NULL DEFAULT '',
	`date` TIMESTAMP NULL DEFAULT CURRENT_TIMESTAMP,
	PRIMARY KEY (`id`)
)
COLLATE='utf8mb4_general_ci'
ENGINE=InnoDB
AUTO_INCREMENT=1
;

##Structure

  • app/ contains all files for your app: models/, controllers/, views/ (Twig templates) and your config/ (configuration). Slim is instantiated in app/start.php
  • vendor/ contains the libraries for your application, and you can update them with composer.
  • web/ is for your assets: js/css/img files. It should be the only folder publically available so your domain should point to this folder. web/index.php bootstraps the rest of the application.

##Writable Directory

  • app/storage/cache/twig/ contains the twig template cache.
  • app/storage/logs/ contains the error logs.

License

Software licensed under the MIT license


You can’t perform that action at this time.