
Escaping form values

Hi all,

How can I set up XSS security in a form with Phalcon?

I need to escape eventually malicious HTML/JavaScript which may be injected in any text/textarea input.

How can I accomplish this?

Thank you

The documentation describes preventing XSS attacks in the Security section. You set the token in a hidden field and when processing the request you validate with $this->security->checkToken(); which is also described in the documentation.

If you are saving the data to the database you don't need to clean inputs, as Phalcon does this if you are using the model->save() functionality. If you are sending to another db or emailing data and want to clean it, you could save it then retrieve it, or write your own function to do this.
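
Escaping a submitted text or textarea value at the point where it is written back into a page, as an added example that is not part of the original thread. It uses plain PHP so it runs without the Phalcon extension; the helper names `escHtml`, `escJs` and `renderComment` and the sample value are constructed for illustration, and the comment about Phalcon's `escaper` service assumes the default DI container.

```php
<?php
declare(strict_types=1);

// Assumption: in a Phalcon app built on the default DI container, the
// framework's `escaper` service would take the place of these helpers.

// Escape for HTML element content and quoted attribute values.
function escHtml(string $value): string
{
    // ENT_QUOTES encodes both ' and " so the result is safe inside quoted
    // attributes; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Escape for a JavaScript string literal inside a <script> element.
function escJs(string $value): string
{
    // The HEX flags turn <, >, &, ' and " into \uXXXX sequences, so the
    // value cannot close the string or the surrounding <script> block.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Write one stored value into three different output contexts.
function renderComment(string $comment): string
{
    $html  = '<p>' . escHtml($comment) . "</p>\n";
    $html .= '<textarea name="comment">' . escHtml($comment) . "</textarea>\n";
    $html .= '<input type="text" name="title" value="' . escHtml($comment) . "\">\n";
    $html .= '<script>var draft = ' . escJs($comment) . ";</script>\n";
    return $html;
}

// Constructed sample input standing in for a submitted textarea value.
$comment = '"><script>alert(1)</script>';

$page = renderComment($comment);

// Self-check: the submitted markup must not survive as live HTML.
if (strpos($page, '<script>alert') !== false || strpos($page, 'value="">') !== false) {
    throw new RuntimeException('submitted value was not escaped');
}

echo $page;
```

The value is stored unchanged and escaped per context on output, so the same record can be rendered safely into HTML, an attribute, or a script block.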