Sanitizing data in Yii 2 - Built in or extension?

I found this extension for Yii 1.1 but don't see any relevant extension for Yii 2. So I'm wondering if there is one or is it built-in by default?

Also, when data properties get set in your model for a form such as:

namespace app\models;

use yii\base\Model;

class SignupForm extends Model {

    public $company_name;
    public $first_name;
    public $last_name;
    public $email;
    public $username;
    public $password;
    public $password_again;

    /**
     * Validation rules
     */ 

    public function rules() {       
        return [
            // Format some data
            [['company_name', 'first_name', 'last_name', 'email', 'username', 'password', 'password_again'], 'trim'],
            ['username', 'filter', 'filter' => 'strtolower'],
            // If company scenario, require company name
            ['company_name', 'required', 'on' => 'company'],
            //..............
        ];
    }

}

Is this data sanitized by default or does one have to sanitize it themselves?

So I guess my main question is - how do I sanitize data with Yii 2?

There are 2 best solutions below

1

You can try using HTMLPurifier for sanitizing input like so:

[['attr1', 'attr2'], function ($attribute) {
    $this->$attribute = \yii\helpers\HtmlPurifier::process($this->$attribute);
}],

0

I'm surprised that in 4 months this subject hasn't got more feedback.

I think that there is no easy, cure-all extension and, as with any web application, it depends on the type of data being input and how you are going to store it and then use it.

However, I think the following Yii1 wiki page is still every bit as relevant to Yii2 and shows you what validation is relevant and when:

http://www.yiiframework.com/wiki/275/how-to-write-secure-yii-applications/
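
To tie the two answers together, here is an added example (not code from either answer or from the Yii project) that separates normalisation, validation, input purification of one rich-text field, and output encoding of plain-text fields. The `ProfileForm` model, its `bio` attribute and the `renderName()` helper are hypothetical, and the script assumes it runs inside a bootstrapped Yii 2 application.

```php
<?php
// Added example, not from the original posts. Needs a bootstrapped Yii 2 app.
namespace app\models;

use yii\base\Model;
use yii\helpers\Html;
use yii\helpers\HtmlPurifier;

class ProfileForm extends Model // hypothetical model
{
    public $first_name;
    public $email;
    public $bio; // hypothetical: the only attribute allowed to carry HTML

    public function rules()
    {
        return [
            // Normalisation only: 'trim' does not strip or escape markup.
            [['first_name', 'email', 'bio'], 'trim'],
            [['first_name', 'email'], 'required'],
            // Validation rejects bad input; it does not rewrite it.
            ['first_name', 'string', 'max' => 64],
            ['email', 'email'],
            // Sanitisation on input: keep a restricted HTML subset in bio.
            ['bio', 'filter', 'filter' => function ($value) {
                return HtmlPurifier::process((string) $value, [
                    'HTML.Allowed' => 'p,b,i,a[href]',
                ]);
            }],
        ];
    }

    // Plain-text attributes are stored as entered and encoded when rendered.
    public function renderName()
    {
        return Html::encode($this->first_name);
    }
}

// Constructed sample input, loaded without a form-name prefix.
$form = new ProfileForm();
$form->load([
    'first_name' => ' <script>alert(1)</script> ',
    'email'      => 'user@example.com',
    'bio'        => '<p onclick="x()">Hi <b>there</b><script>alert(1)</script></p>',
], '');
$form->validate();
echo $form->renderName(), PHP_EOL; // encoded for use in an HTML page
echo $form->bio, PHP_EOL;          // value after the purifier filter ran
```

Purifying is kept off fields such as passwords, where rewriting the value would silently change the credential.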