Skip to content
On this page

Leaf Anchor

Leaf anchor is a new module which contains basic security features for the leaf framework. This module is actively being developed and will be updated whenever a security vulnerability is discovered.


The whole of leaf 3 and some of it's modules rely on this particular module. In case of updates, you might need to update the packages that rely on this module to receive the security updates.



There is no need to manually add the anchor module if you're using Leaf 3 since this is done for you automatically.

You can quickly and simply install Leaf anchor through composer or the leaf cli.

composer require leafs/anchor

or with the leaf cli:

leaf install anchor

From there you can use the Leaf\Anchor class.

Base XSS protection

Attackers pass executable scripts into your application through input fields, urls, ... These scripts are then executed and perform whatever action the attacker needs. To prevent this, you will need to sanitize your data to make sure PHP treats them as nothing more than text.

The sanitize on leaf anchor handles all of this for you so you don't have to worry about escaping them.


require __DIR__ . "vendor/autoload.php";

$data = $_POST["data"];
$data = Leaf\Anchor::sanitize($data);

echo $data;

This also works on arrays


require __DIR__ . "vendor/autoload.php";

$data = Leaf\Anchor::sanitize($_POST);

echo $data["input"];
Leaf Anchor has loaded