Security XSS/CSRF/XSRF when using Form.send() method


I want to know how to clean/filter input if I'm not using the dhtmlx PHPConnector, so I am using my own code for the server.

Example: myForm has an input named inp1,
then I use myForm.send('server.php');

In server.php:
$inp1 = $_POST['inp1'];

I want to clean $inp1. Is it possible using ConnectorSecurity::$xss and ConnectorSecurity::$security_key = true? If that is not possible, could you tell me another option?


You can use the following code for XSS filtering:

$inp1 = ConnectorSecurity::filter($_POST['inp1']);

I need to include xss_filter.php; if not, I get "Class 'ConnectorSecurity' not found".
How about CSRF/XSRF: is a simple call to "ConnectorSecurity::$security_key = true" enough, or must I use another method?


CSRF protection needs to be used with both data generation and data saving routines. If you are not using the connector for any of these tasks, it will be simpler to use custom CSRF protection logic.

So for CSRF protection, you are telling me it is better to use my own code instead of using "ConnectorSecurity::$security_key = true".

Ok…Thanks Stanislav
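
A custom CSRF check for the server.php discussed above, covering both the data generation and the data saving side. This is an added example, not part of the original thread and not dhtmlx code. It assumes PHP 7 or later with sessions, and that the form carries a hidden field, here given the hypothetical name csrf_token, which myForm.send('server.php') posts together with inp1.

```php
<?php
// Added example (not dhtmlx code): session-bound CSRF token for server.php.
// Assumption: the form posts a hidden field "csrf_token" (hypothetical name)
// alongside inp1.
session_start();

/** Create the per-session token once and return it for embedding in the form. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time comparison of the submitted value with the session token. */
function csrf_check($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    // Reject missing tokens and non-string input such as csrf_token[]=x.
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted);
}

$method = $_SERVER['REQUEST_METHOD'] ?? '';

if ($method === 'GET') {
    // Data generation side: the page that builds the form fetches the token
    // same-origin and sets it as the hidden field's value.
    header('Content-Type: application/json');
    header('Cache-Control: no-store');
    echo json_encode(['csrf_token' => csrf_token()]);
    exit;
}

if ($method === 'POST') {
    // Data saving side: refuse the request before touching any input.
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $inp1 = is_string($_POST['inp1'] ?? null) ? $_POST['inp1'] : '';
    // ... store $inp1 with a parameterized query here ...
    // Escape at output time when the value is written back into HTML.
    echo htmlspecialchars($inp1, ENT_QUOTES, 'UTF-8');
}
```

The token check stops forged cross-site posts; it does not replace the XSS filtering or output escaping of inp1, which is a separate control.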