Anti-XSS (Slim + Twig + AntiXSS for Twig)
This is a Demo for the Anti-XSS package.
- Controller/Routing: Slim (codeguy/Slim)
- Model/Persistence/ActiveRecord: ActiveRecord (voku/simple-active-record)
- View/Template: Twig (fabpot/Twig)
- Security: Anti-XSS (voku/anti-xss)
- UI Toolkit: Twitter Bootstrap (twitter/bootstrap)
The instructions below assume you are running a LAMP stack in Ubuntu or any other apt-based distributions. To allow Slim to route with clean path syntax, you need to enable the url rewrite module.
sudo a2enmod rewrite sudo service apache2 restart
Suppose your document root is in /var/www, clone the repository as follows:
cd /var/www git clone https://github.com/voku/anti-xss-demo anti-xss-demo
The required vendor libraries can be installed/updated using Composer. Go to the project root (where you see the file composer.json) and run the following command:
cd ./anti-xss-demo composer install
Then, update your apache config file to set your document root to the web subdirectory. This helps to secure your scripts which should normally be put inside the app/ folder.
<VirtualHost *:80> DocumentRoot /var/www/anti-xss-demo/web ServerName anti-xss-demo.example.com </VirtualHost>
Note that in order to make the .htaccess effective, your main apache config file must allow subdirectory to override it.
<Directory "/var/www"> AllowOverride All </Directory>
CREATE TABLE `xss` ( `id` INT(11) NOT NULL AUTO_INCREMENT, `xss` TEXT NOT NULL, `desc` TEXT NOT NULL, `keywords` VARCHAR(50) NULL DEFAULT '', `author` VARCHAR(50) NULL DEFAULT '', `date` TIMESTAMP NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (`id`) ) COLLATE='utf8mb4_general_ci' ENGINE=InnoDB AUTO_INCREMENT=1 ;
- app/ contains all files for your app:
views/(Twig templates) and your
config/(configuration). Slim is instantiated in
- vendor/ contains the libraries for your application, and you can update them with composer.
- web/ is for your assets: js/css/img files. It should be the only folder publically available so your domain should point to this folder.
web/index.phpbootstraps the rest of the application.
- app/storage/cache/twig/ contains the twig template cache.
- app/storage/logs/ contains the error logs.
Software licensed under the MIT license