CSRF, XSS and SQL Injection

Does GRAV handle these types of malicious activities? I know SQL injection is only possible if MySQL is installed (which GRAV doesn’t need); however, I might need it for contact forms to store data in a database. As for XSS and CSRF, is there anything I need to be concerned with? Thanks!

I think I answered you on Twitter already but:

  1. Grav is flat file, so no SQL injection worries
  2. Grav uses CSRF tokens for form submissions (nonces)
  3. Grav uses Twig templating which is much more secure for XSS than regular PHP output.

Thank you!
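
For the case raised in the question, a contact form that stores submissions in a database, the three defenses named in the answer look like this in plain PHP. This is an added example, not part of the original posts and not Grav's own code; the table, field names and session key are hypothetical, and an in-memory SQLite database (needs the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example, not Grav code. Table, field and session-key names are
// hypothetical; the two submissions below are constructed sample input.

function issueToken(array &$session): string {
    // Random per-session token, sent to the browser as a hidden form field.
    $session['form_nonce'] = bin2hex(random_bytes(32));
    return $session['form_nonce'];
}

function tokenIsValid(array $session, string $submitted): bool {
    // Constant-time comparison; a missing session token always fails.
    return isset($session['form_nonce'])
        && hash_equals($session['form_nonce'], $submitted);
}

function storeMessage(PDO $db, string $name, string $message): void {
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO messages (name, body) VALUES (:name, :body)');
    $stmt->execute([':name' => $name, ':body' => $message]);
}

function renderMessage(string $name, string $message): string {
    // Escape on output, the job Twig's escape filter does in a template.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><b>' . $e($name) . '</b>: ' . $e($message) . '</p>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, name TEXT, body TEXT)');
$session = [];                      // stands in for $_SESSION
$token = issueToken($session);

// Constructed submissions: a post without the token, then one with it.
$posts = [
    ['nonce' => '', 'name' => 'x', 'message' => 'forged'],
    ['nonce' => $token, 'name' => "a'); DROP TABLE messages;--", 'message' => '<script>alert(1)</script>'],
];
foreach ($posts as $post) {
    if (!tokenIsValid($session, $post['nonce'])) {
        echo "rejected: bad or missing token\n";
        continue;
    }
    storeMessage($db, $post['name'], $post['message']);
}
foreach ($db->query('SELECT name, body FROM messages') as $row) {
    echo renderMessage($row['name'], $row['body']), "\n";
}
```

The first submission is rejected before it reaches the database; the second is stored as literal text and comes back out with its markup escaped rather than executed.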