Skip to content

voku/anti-xss--demo

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
app
 
 
web
 
 
 
 
 
 
 
 
 
 
 
 

Anti-XSS (Slim + Twig + AntiXSS for Twig)

This is a Demo for the Anti-XSS package.

======================================================

Installation

The instructions below assume you are running a LAMP stack in Ubuntu or any other apt-based distributions. To allow Slim to route with clean path syntax, you need to enable the url rewrite module.

sudo a2enmod rewrite
sudo service apache2 restart

Suppose your document root is in /var/www, clone the repository as follows:

cd /var/www
git clone https://github.com/voku/anti-xss-demo anti-xss-demo

The required vendor libraries can be installed/updated using Composer. Go to the project root (where you see the file composer.json) and run the following command:

cd ./anti-xss-demo
composer install

Then, update your apache config file to set your document root to the web subdirectory. This helps to secure your scripts which should normally be put inside the app/ folder.

<VirtualHost *:80>
	DocumentRoot /var/www/anti-xss-demo/web
	ServerName anti-xss-demo.example.com
</VirtualHost>

Note that in order to make the .htaccess effective, your main apache config file must allow subdirectory to override it.

<Directory "/var/www">
	AllowOverride All
</Directory>

Database Example:

CREATE TABLE `xss` (
	`id` INT(11) NOT NULL AUTO_INCREMENT,
	`xss` TEXT NOT NULL,
	`desc` TEXT NOT NULL,
	`keywords` VARCHAR(50) NULL DEFAULT '',
	`author` VARCHAR(50) NULL DEFAULT '',
	`date` TIMESTAMP NULL DEFAULT CURRENT_TIMESTAMP,
	PRIMARY KEY (`id`)
)
COLLATE='utf8mb4_general_ci'
ENGINE=InnoDB
AUTO_INCREMENT=1
;

##Structure

  • app/ contains all files for your app: models/, controllers/, views/ (Twig templates) and your config/ (configuration). Slim is instantiated in app/start.php
  • vendor/ contains the libraries for your application, and you can update them with composer.
  • web/ is for your assets: js/css/img files. It should be the only folder publically available so your domain should point to this folder. web/index.php bootstraps the rest of the application.

##Writable Directory

  • app/storage/cache/twig/ contains the twig template cache.
  • app/storage/logs/ contains the error logs.

License

Software licensed under the MIT license


About

This is a demo website for anti-xss via PHP. | http://anti-xss-demo.suckup.de/

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published