Skip to content
On this page

Leaf Anchor

Leaf anchor is a new module which contains basic security features for the leaf framework. This module is actively being developed and will be updated whenever a security vulnerability is discovered.

NOTE

The whole of leaf 3 and some of it's modules rely on this particular module. In case of updates, you might need to update the packages that rely on this module to receive the security updates.

Installation

WARNING

There is no need to manually add the anchor module if you're using Leaf 3 since this is done for you automatically.

You can quickly and simply install Leaf anchor through composer or the leaf cli.

composer require leafs/anchor

or with the leaf cli:

leaf install anchor

From there you can use the Leaf\Anchor class.

Base XSS protection

Attackers pass executable scripts into your application through input fields, urls, ... These scripts are then executed and perform whatever action the attacker needs. To prevent this, you will need to sanitize your data to make sure PHP treats them as nothing more than text.

The sanitize on leaf anchor handles all of this for you so you don't have to worry about escaping them.

<?php

require __DIR__ . "vendor/autoload.php";

$data = $_POST["data"];
$data = Leaf\Anchor::sanitize($data);

echo $data;

This also works on arrays

<?php

require __DIR__ . "vendor/autoload.php";

$data = Leaf\Anchor::sanitize($_POST);

echo $data["input"];
Leaf Anchor has loaded