Let's implement the sanitization bazooka: Autosanitization
Posted by geek-merlin on September 18, 2012 at 1:09pm
Abstract
Wrong sanitization of user supplied strings, resulting in XSS (cross-site scripting) security issues, accounts for the vast majority of security announcements. Autosanitization (more precisely: proper context-stack-aware autosanitization, where the output layer escapes every untrusted value according to the HTML, attribute, URL or script context it is being written into) would be the bazooka to end this once and for all. It is in reach and would be a unique feature among notable open source frameworks. The implementation requirements are described below. Research is needed on the D8 core requirements necessary to implement this in contrib land.
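To make concrete what "context stack aware" buys over a single blanket escaper, here is an added illustrative example written for this post; it is not Drupal code and not the author's proposal. It is a toy template renderer in Python (Drupal's would of course be PHP) that inspects the output already emitted to decide whether the next untrusted value lands in HTML text, a quoted attribute, a URL attribute or inline script, and escapes accordingly. The placeholder syntax `{{name}}`, the list of URL attributes, the allowed schemes and the sample template and values are all assumptions made up for the example; contexts the renderer cannot escape safely (unquoted attributes, `on*` handlers) are refused rather than guessed.

```python
"""Minimal context-stack-aware autoescaper (illustrative example, not Drupal code).

The template author is trusted; every {{name}} substitution is untrusted and is
escaped for the HTML context the renderer is in at that point.  Contexts that
cannot be escaped safely are refused instead of guessed.
"""
import html
import json
import re

PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")                 # assumed placeholder syntax
QUOTED_ATTR = re.compile(r'\s([\w:-]+)\s*=\s*"[^"]*$')     # inside a "..." attribute value
URL_SCHEME = re.compile(r"^\s*([a-zA-Z][a-zA-Z0-9+.\-]*):")
URL_ATTRS = {"href", "src", "action", "formaction"}        # assumption for this example
SAFE_SCHEMES = {"http", "https", "mailto"}                 # assumption for this example


def classify_context(emitted: str) -> str:
    """Return the output context at the end of the text emitted so far."""
    lower = emitted.lower()
    if lower.rfind("<script") > lower.rfind("</script"):
        return "js"                           # inside <script>...</script>
    last_lt, last_gt = emitted.rfind("<"), emitted.rfind(">")
    if last_lt > last_gt:                     # inside a start tag
        m = QUOTED_ATTR.search(emitted[last_lt:])
        if not m:
            return "tag"                      # attribute name or unquoted value: refuse
        attr = m.group(1).lower()
        if attr in URL_ATTRS:
            return "url_attr"
        if attr.startswith("on"):
            return "js_attr"                  # JS inside an attribute: refuse
        return "attr"
    return "html"


def escape_url_attr(value: str) -> str:
    """Block dangerous schemes (javascript:, data:, ...) and then attribute-escape."""
    m = URL_SCHEME.match(value)
    if m and m.group(1).lower() not in SAFE_SCHEMES:
        value = "#"                           # policy chosen for this example
    return html.escape(value, quote=True)


def escape_js(value: str) -> str:
    """Emit a JS string literal; also hide characters that could close <script>."""
    return (json.dumps(value)
            .replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026"))


ESCAPERS = {
    "html": lambda v: html.escape(v, quote=True),
    "attr": lambda v: html.escape(v, quote=True),
    "url_attr": escape_url_attr,
    "js": escape_js,
}


def render(template: str, values: dict) -> str:
    """Substitute {{name}} placeholders, escaping each value for its context."""
    out, pos = [], 0
    for m in PLACEHOLDER.finditer(template):
        out.append(template[pos:m.start()])
        ctx = classify_context("".join(out))
        if ctx not in ESCAPERS:
            raise ValueError(f"cannot safely escape {m.group(0)} in context {ctx!r}")
        out.append(ESCAPERS[ctx](str(values[m.group(1)])))
        pos = m.end()
    out.append(template[pos:])
    return "".join(out)


# Constructed sample: a node title carrying an XSS payload, plus a malicious link.
SAMPLE_TEMPLATE = (
    '<h1>{{title}}</h1>'
    '<a href="{{link}}" title="{{title}}">read</a>'
    '<script>var title = {{title}};</script>'
)
SAMPLE_VALUES = {
    "title": '"><script>alert(1)</script>',
    "link": "javascript:alert(1)",
}

if __name__ == "__main__":
    print(render(SAMPLE_TEMPLATE, SAMPLE_VALUES))
```

The same title is escaped three different ways in one template: entity-escaped in text and attribute context, emitted as a JSON string literal with `<`, `>` and `&` hex-escaped inside the script, while the `javascript:` link is neutralised entirely. A blanket `check_plain()`-style escaper applied once would get the first two right and the script case wrong. The regex context detection is a sketch: a real implementation needs an HTML tokenizer, and must still refuse (or implement properly) the `on*` attribute and CSS contexts this toy declines.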
Anatomy of a sanitization issue
Consider a node title that is rendered like this: