Security

INEX SPA - Security System Documentation


🛡️ Feature: Security System

The Security system in INEX SPA is designed to help developers easily protect their apps from common vulnerabilities. It provides essential functions to manually validate, clean, and verify user input and behavior.


🛠️ Enable Security System

To enable the Security system, open your .env file and set:

USE_SECURITY=true

Once enabled, you can use the Security class manually in your PHP files.


📁 Files and Structure

  • Security Class: /core/functions/PHP/classes/Security.php


⚙️ Security Functions

➀ Security::sanitizeInput($string)

Cleans a string of common XSS (cross-site scripting) payloads.

Example:

This function removes or neutralizes harmful tags and scripts.


➀ Security::validateAndSanitize($input, $type)

Validates and sanitizes the input according to the type provided.

  • $type currently supports only 'xss'

Example:
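
A usage sketch covering both functions, added here and not taken from the INEX SPA documentation or code base. The stand-in Security class is hypothetical and is defined only when the framework's own class is not loaded; its strip-then-encode behaviour and its rejection of types other than 'xss' are assumptions, and the form values are constructed.

```php
<?php
// Added example, not INEX SPA code. In a real project with USE_SECURITY=true
// the framework's own Security class is used; this stand-in is hypothetical
// and exists only so the file runs on its own.
if (!class_exists('Security')) {
    final class Security
    {
        // Assumed behaviour: strip tags, then HTML-encode what remains.
        public static function sanitizeInput($string)
        {
            $text = strip_tags((string) $string);
            return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }

        // Assumed behaviour: reject any type other than the documented 'xss'.
        public static function validateAndSanitize($input, $type)
        {
            if ($type !== 'xss') {
                throw new InvalidArgumentException("Unsupported type: {$type}");
            }
            return self::sanitizeInput($input);
        }
    }
}

// Constructed sample input, standing in for $_POST fields of a comment form.
$form = [
    'name'    => 'Ana <b>R.</b>',
    'comment' => 'Nice post! <script>alert(1)</script>',
    'nick'    => '" onmouseover="alert(1)',
];

// Clean each value at the point where it is written into the page.
$name    = Security::sanitizeInput($form['name']);
$comment = Security::validateAndSanitize($form['comment'], 'xss');
$nick    = Security::validateAndSanitize($form['nick'], 'xss');

// HTML text context: tags from the input no longer reach the markup.
echo "<p><strong>{$name}</strong> wrote: {$comment}</p>\n";

// Quoted attribute context: the encoded quote cannot close the attribute.
echo "<input type=\"text\" name=\"nick\" value=\"{$nick}\">\n";
```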


✅ Use Cases

  • Cleaning user input before displaying it.

  • Preventing script injection in forms, URLs, comments, etc.

  • Adding a layer of safety when rendering dynamic content.


🔒 Notes

  • This system only runs if USE_SECURITY=true is set in .env.

  • Designed to be used manually where needed.

  • Does not interfere with data unless you call it.

  • Currently supports only XSS protection.

Future updates may include CSRF token validation, header checks, and file upload protection.


✅ Status

✅ Lightweight ✅ Easy to configure ✅ Extensible ✅ No external libraries


© INEX SPA Team - Security System
