XSS & CSRF attacks


I want to protect my application from XSS and CSRF attacks.

I saw your documentation:

[url]Start DHTMLX Docs

I didn’t understand in which file I have to add your code for this. I’m using dhtmlxSuite Pro 3.6

If you are using connectors ( php, java, .net ) - your code is already xss safe, and to enable csrf protection, you need to add just one line of code at the start of php connector file

ConnectorSecurity::$security_key = true;

Do I have to add this in every php file, for example where I use GridConnector, or FormConnector etc?
Can I set it in one place?

Yep, it must be added to each file.
You can add it to some kind of config.php which can be included in all connector files.

Ok. Thank you very much!