Hacker News new | ask | show | jobs
by lupin_sansei 3403 days ago
Not sure that's true. Out of the box ASP.NET has request validation enabled by default that screens out lots of opportunities for XSS https://www.owasp.org/index.php/ASP.NET_Request_Validation PHP doesn't have that for example.
1 comments
girvo 3403 days ago
> PHP doesn't have that for example.

Bare PHP, sure, but pick basically any framework that any modern PHP-based web app is built on and then it does, no?

link
emodendroket 3403 days ago
Symfony certainly offers it.
link