Home
One Goal: Context-Sensitive Auto-Sanitization for PHP
We are building on the work done by previous leaders in this field, and drew inspiration from this paper from Google and UC Berkeley. Languages like Java (Google Soy Templates), C (CTemplate), Python (Django) and others have modules similar to PHP-CSAS that implement auto-escaping for various template languages. Our goal is to bring that functionality to PHP.
We developed this extension solely on PHP 5.4.45 and Ubuntu 14.04. Mileage may vary for other versions and systems.
This project is the senior thesis project for five students (@jaredmichaelsmith, @kylebshr, @josconno, @traviswork, and @davpcunn) at the University of Tennessee, Knoxville, sponsored by the Advanced Security Initiatives Group at Cisco Systems.
Here is a brief overview of each section.