šŸš€
INEX Docs
  • šŸš€INEX Team Documentation šŸ’”šŸŒ
  • INEX Blog
  • Contact Us
  • INEX SPA
    • Installation
      • Using Git
      • Manual Download
    • Getting Started
      • Running Locally
        • Using PHP's Built-in Server
        • Using Apache
      • Initial Configuration
      • Verify Installation
    • Ammar CLI
      • Extrenal Commands
        • list commands
          • list
          • list:routes
          • list:db
          • list:import
          • list:lang
          • list:cron
        • make commands
          • make:route
          • make:db
          • make:cache
          • make:sitemap
          • make:session
          • make:lang
          • make:layout
          • make:auth
        • get commands
          • get:cache
          • get:session
        • update commands
          • update:cache
        • delete commands
          • delete:route
          • delete:db
          • delete:cache
          • delete:import
          • delete:session
          • delete:lang
        • ask commands
          • ask:gemini
        • run/serve commands
          • run:db
          • serve
        • clear commands
          • clear:cache
          • clear:db
          • clear:db:tables
          • clear:routes
          • clear:start
          • clear:docs
          • clear:cron
        • install commands
          • install:import
      • Inline Commands
        • Route Management
        • Database Operations
        • Cache Operations
        • AI Assistance
        • Development Server
        • Library Manager
        • Session Manager
        • Language Manager
        • Layout Manager
        • Cronjob Management
    • Ahmed Template
      • {{}}
      • If Statement
      • ForEach
      • @getLang
      • @getEnv
      • Layout Feature
        • @getSection
        • @section and @endSection
        • @render
      • @include - Including Other Templates
      • @switch - Switch Case Statement
      • @for - Looping with a Fixed Range
      • @while - Looping Until a Condition is Met
      • @set - Assigning Variables
      • @dump - Debugging Variables
      • @dd - Debugging and Stopping Execution
      • @isset - Checking If a Variable Is Set
      • @empty - Checking If a Variable Is Empty
      • @php - Executing Raw PHP Code
      • @unless - Conditional Rendering for False Values
      • @break and @continue - Loop Control
      • String Case Conversion - @strtoupper, @strtolower, and @ucfirst
      • @number_format - Number Formatting
      • @date - Date Formatting
      • @runDB - Execute Database Migrations
      • @generateSitemap - Generate XML Sitemap
      • @checkRateLimit - Rate Limiting Requests
      • @validateCsrf - CSRF Protection
      • @define - Define Variables
      • {-- Comment Syntax --}
      • @escape - Escape Output
      • @substr - Extract a Substring
      • @jsonFile - Load JSON Data
      • @require - Include PHP Files
      • @do @whileCond - Do-While Loop
      • @setLang - Set Active Language
      • @var - Define and Use Variables
      • @phpCode - Execute Raw PHP Code
      • @postData - Send Data via HTTP POST
      • @toJson & @fromJson - JSON Conversion
      • @strlen & @trim - String Length and Trimming
      • @getData - Retrieve Data via HTTP GET
      • Cookie Management Directives
      • Session Management Directives
      • @useGemini - AI-Powered Assistance
      • Cache Management Directives
      • Section Management Directives
      • Other functions calling
    • Features
      • PWA Feature (Beta)
      • Cronjob Management
      • Built-in Motion Engine (Beta)
      • API Routes
      • Auth
        • How to use?
        • Start Use
          • Update Json/AuthParams.json
          • Create Auth file
            • Using ammar CLI
            • Using code
          • run .sql file
            • Using ammar CLI
            • Manually
        • Use
          • UserAuth::signIn
          • UserAuth::signUp
          • UserAuth::checkUser
          • UserAuth::logout
      • Webhook
      • Notification
      • Security
      • Logger
      • Firewall
      • Validation
        • isEmail
        • isTextLength
        • isMinTextLength
        • isSubDomain
        • isSubDir
        • isDomain
        • isEndWith
        • isStartWith
        • isNumber
        • isBool
      • Ahmed Template
      • Cookie Management
        • JavaScript (JS)
        • PHP
      • Session Management
      • Enable Multi Language
      • Submit Data without redirect
      • Layout Feature
      • Run DB Folder SQL files
      • SiteMap Generator
      • Use Rate Limiter
      • Application Title System
      • Use Gemini
      • Cache system
        • Create a new Cache
        • Get a Cache Value
        • Update Cache Value
        • Delete Cache
      • Run MySQL Commands
      • Automaticly CSRF Security
      • Get Website URL Without getEnvValue function
      • Use Bootstrap
      • Database Connection
      • Submit Data without Page Refresh
        • Basic Form Implementation
        • Server-Side Handling
        • Important Notes
      • Check Request Type
      • Create Dynamic Routes
      • Client-Side Navigation (Redirect without Refresh)
        • Basic Redirection
        • Dynamic Route Navigation
        • Common Usage Patterns
        • Important Notes
      • Get Values From .env file
      • Get Data from Twice Slash
    • Libraries
      • Download Library
        • 1- Using ammar CLI (recommended)
          • Example 1
        • 2- Manually Download
          • Example 1
      • Use library
        • Example 1
    • Notes
      • Use ""
      • Delete Docs files
      • Should name .ahmed.php
      • Don't delete JS & errors folder
      • Don't use these names in files
      • JavaScript Execution Conflicts
        • Problems this causes
        • Best practices
      • Production Database Checks
      • Route Type Restrictions
      • Autoloading Framework Components
      • Framework Core Isolation
      • Additional Notes
      • Add .git suffix
    • Best Practices
      • Code Organization
      • Security
      • Performance
      • Development
      • Database
      • Maintenance
    • Apache License
    • Security Policy
    • Repository
    • Star History
    • How to create a new library?
      • Create a folder
      • Create a library files
        • Create a file
          • Example 1: hi.php
          • Example 2: useFramework.php
      • Create init.php file
      • Create README.md file
      • Congratulations!!!
      • Upload to Github
      • Notes
        • Class Name like to file name
        • Create a folder
        • Don't match INEX SPA
  • Changelog
    • v5.2
    • v5.0
    • v5
    • v4.9.3
    • v4.9.1
    • v4.9-beta
    • v4.8.5-beta
    • v4.8-beta
    • v4.4-beta.10
    • v4.1-beta.9
    • v3.7.6.5.8.1-beta.8
    • v3.7.6.5.8.0-beta.7
    • v3.5.62.78-beta.6
    • v3.40.73-beta.5
    • v3.36.69-beta.4
    • v2.12.39-beta.3
    • v1.1.3-beta.2
    • v1.0-beta.1
Powered by GitBook
On this page
Edit on GitHub
  1. INEX SPA
  2. Features

Security

INEX SPA - Security System Documentation

šŸ›”ļø Feature: Security System

The Security system in INEX SPA is designed to help developers easily protect their apps from common vulnerabilities. It provides essential functions to manually validate, clean, and verify user input and behavior.

šŸ› ļø Enable Security System

To enable the Security system, open your .env file and set:

USE_SECURITY=true

Once enabled, you can use the Security class manually in your PHP files.

šŸ“ Files and Structure

  • Security Class: /core/functions/PHP/classes/Security.php

āš™ļø Security Functions

āž¤ Security::sanitizeInput($string)

Cleans a string from common XSS (Cross-site Scripting) attacks.

Example:

$userInput = '<script>alert("XSS")</script>';
echo Security::sanitizeInput($userInput); // Outputs:

This function removes or neutralizes harmful tags and scripts.

āž¤ Security::validateAndSanitize($input, $type)

Validates and sanitizes based on the type provided.

  • $type currently supports only 'xss'

Example:

$cleanInput = Security::validateAndSanitize($_POST['comment'], 'xss');

āœ… Use Cases

  • Cleaning user input before displaying it.

  • Preventing script injection in forms, URLs, comments, etc.

  • Adding a layer of safety when rendering dynamic content.

šŸ”’ Notes

  • This system only runs if USE_SECURITY=true is set in .env.

  • Designed to be used manually where needed.

  • Does not interfere with data unless you call it.

  • Currently supports only XSS protection.

Future updates may include CSRF token validation, header checks, and file upload protection.

āœ… Status

āœ… Lightweight āœ… Easy to configure āœ… Extensible āœ… No external libraries

Ā© INEX SPA Team - Security System

PreviousNotificationNextLogger

Last updated 2 months ago