Yii2 Application Development Cookbook - Third Edition

By : Sergey Ivanov, Andrew Bogdanov, Dmitry Eliseev
Overview of this book

Yii is a free, open source web application development framework written in PHP5 that promotes clean DRY design and encourages rapid development. It works to streamline your application development time and helps to ensure an extremely efficient, extensible, and maintainable end product. Being highly performance optimized, Yii is a good choice for a project of any size. However, it has been built with sophisticated enterprise applications in mind. You have full control over the configuration from head to toe (presentation to persistence) to conform to your enterprise development guidelines. It comes packaged with tools to help test and debug your application, and has clear and comprehensive documentation. This book is a collection of Yii2 recipes. Each recipe is presented as a full and independent item that showcases solutions from real web applications, so you can easily reproduce them in your environment and learn Yii2 quickly and without tears. All recipes are explained with step-by-step code examples and clear screenshots. Yii2 is like a suit that looks great off the rack, but is also very easy to tailor to fit your needs. Virtually every component of the framework is extensible. This book will show how to use official extensions, extend any component, or write a new one. It will help you create modern web applications quickly and make sure they perform well, using examples and business logic from real life. You will deal with the Yii command line, migrations, and assets. You will learn about role-based access, security, and deployment. We’ll show you how to easily get started, configure your environment, and be ready to write web applications efficiently and quickly.

Preventing XSS

XSS stands for cross-site scripting and is a type of vulnerability that allows an attacker to inject a client-side script (typically JavaScript) into a page viewed by other users. Because such a script runs with the privileges of the victim's browser session, the consequences can be very serious: bypassing client-side security checks, stealing other users' session cookies or credentials, performing actions on their behalf, or leaking data.

In this recipe, we will see how to prevent XSS by escaping output with \yii\helpers\Html::encode() (for plain text) and by sanitizing user-supplied HTML with \yii\helpers\HtmlPurifier (for rich text where some markup must be kept).

Getting ready

  1. Create a new application by using the Composer package manager, as described in the official guide at

  2. Create controllers/XssController.php:

    <?php
    namespace app\controllers;

    use Yii;
    use yii\helpers\Html;
    use yii\web\Controller;

    /**
     * Class XssController.
     * @package app\controllers
     */
    class XssController extends Controller
    {
        /**
         * @return string
         */
        public function actionIndex()
        {
            $username = Yii::$app->...
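The following controller is an added example, not the book's own XssController, and it is not part of the recipe's steps. It shows the three cases the recipe is about side by side: a handler that echoes a request parameter unescaped, the same handler fixed with Html::encode(), and a rich-text handler that uses HtmlPurifier with a tag whitelist. It assumes a standard Yii2 basic application (the app\controllers namespace, Composer autoload, and the ezyang/htmlpurifier package that yii2 depends on); the controller name, action names, and the username and comment parameter names are hypothetical. The configuration keys passed to HtmlPurifier::process() are HTML Purifier's own directives.

```php
<?php
// Added example (not the book's code). Assumes a Yii2 basic application.
// Controller, action and parameter names are hypothetical.

namespace app\controllers;

use Yii;
use yii\helpers\Html;
use yii\helpers\HtmlPurifier;
use yii\web\Controller;

class XssDemoController extends Controller
{
    /**
     * Vulnerable: the query parameter is placed in the HTML unescaped, so
     * ?r=xss-demo/unsafe&username=<script>alert(1)</script> runs the script.
     * Note that Html::tag() encodes attribute values but NOT $content.
     *
     * @return string
     */
    public function actionUnsafe()
    {
        $username = Yii::$app->request->get('username', 'nobody');

        return $this->renderContent(Html::tag('h1', 'Hello, ' . $username . '!'));
    }

    /**
     * Fixed for plain text: Html::encode() converts <, >, &, " and ' into
     * HTML entities (htmlspecialchars with ENT_QUOTES), so the browser shows
     * the payload as literal text instead of executing it.
     *
     * @return string
     */
    public function actionSafe()
    {
        $username = Yii::$app->request->get('username', 'nobody');

        return $this->renderContent(
            Html::tag('h1', 'Hello, ' . Html::encode($username) . '!')
        );
    }

    /**
     * Fixed for rich text: when users may legitimately submit some HTML
     * (a comment with <b> or a link), encoding would destroy that markup.
     * HtmlPurifier instead parses the fragment, keeps only whitelisted tags
     * and attributes, and drops <script>, on* event handlers and
     * javascript: URLs.
     *
     * @return string
     */
    public function actionComment()
    {
        $comment = Yii::$app->request->get('comment', '');

        $clean = HtmlPurifier::process($comment, [
            // Only these elements survive; everything else is removed.
            'HTML.Allowed'       => 'p,b,i,br,a[href]',
            // Reject javascript:, data: and other dangerous link schemes.
            'URI.AllowedSchemes' => ['http' => true, 'https' => true],
        ]);

        // $clean is already safe HTML, so it must NOT be passed through
        // Html::encode() here, or the allowed markup would be shown as text.
        return $this->renderContent(Html::tag('div', $clean, ['class' => 'comment']));
    }
}
```

The same rule applies in views: anything that came from a user or the database goes through `<?= Html::encode($value) ?>` unless it is deliberately stored as purified HTML. Choose Html::encode() by default and reach for HtmlPurifier only where markup genuinely has to be preserved, since a whitelist that is too generous (for example allowing `style` attributes or arbitrary URL schemes) reopens the hole.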