Support request: Potential XSS found with #value on $raw_form_input #46
Comments
This tool generally gives a WARNING when it thinks that something is a potential issue. In your case you are using some type of filtering functions that the tool doesn't recognize. For Drupal it's actually:
Currently the tool doesn't support customization of the sort to remove false positives, but it's certainly a feature that would be awesome to have. You could technically add your function to that list I stated above, but right now the sniff code path for it doesn't check mitigation: https://github.com/FloeDesignTechnologies/phpcs-security-audit/blob/master/Security/Sniffs/Drupal7/XSSFormValueSniff.php#L40 If you wanna hack that file too then with both hacks together it will dismiss the warning:
I think we should open 2 issues following your comment:
Let me know if this would solve your current concerns.
Could somebody say what to do about this error:
The error is coming from where the '#value' is red:
There's no other key I could use to get the value.