Does GRAV handle these types of malicious activities? I know SQL injection is only possible if MySQL is installed (which GRAV doesn’t need); however, I might need it for contact forms to store data in a database. As for XSS and CSRF, is there anything I need to be concerned with? Thanks!
I think I answered you on Twitter already but:
- Grav is flat file, so no SQL injection worries
- Grav uses CSRF tokens for form submissions (nonces)
- Grav uses Twig templating which is much more secure for XSS than regular PHP output.
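To make the second and third points concrete, here is an added illustration in plain PHP (not Grav's own code, and not how Grav implements its nonces internally): a tiny form handler that issues a single-use, time-limited CSRF nonce and escapes all user input on output, which is what Twig's autoescape does for `{{ value }}` and what a raw `echo $value` in a PHP template does not. The `NONCE_TTL` constant, the in-memory `$session` array standing in for `$_SESSION`, and the sample submissions are all constructed for the demo.

```php
<?php
// Added illustration, not Grav's code: CSRF nonce + output escaping in plain PHP.
declare(strict_types=1);

const NONCE_TTL = 3600; // assumption for the demo: nonces expire after one hour

// Issue a fresh nonce and remember it server-side. $store is an in-memory array
// standing in for $_SESSION so the script runs from the CLI without a web server.
function issue_nonce(array &$store): string {
    $nonce = bin2hex(random_bytes(16));
    $store['csrf'][$nonce] = time();
    return $nonce;
}

// Verify and consume a submitted nonce. hash_equals() avoids a timing side channel;
// unset() makes the nonce single-use so a captured form cannot be replayed.
function verify_nonce(array &$store, string $submitted): bool {
    foreach ($store['csrf'] ?? [] as $nonce => $issued) {
        if (time() - $issued > NONCE_TTL) {
            unset($store['csrf'][$nonce]);
            continue;
        }
        if (hash_equals($nonce, $submitted)) {
            unset($store['csrf'][$nonce]);
            return true;
        }
    }
    return false;
}

// Equivalent of Twig's {{ value }} with autoescape enabled: every HTML
// metacharacter becomes an entity, so injected markup renders as text.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// GET: render the form with the nonce embedded as a hidden field.
function render_form(string $nonce): string {
    return '<form method="post">'
         . '<input type="hidden" name="nonce" value="' . esc($nonce) . '">'
         . '<input name="message"><button>Send</button></form>';
}

// POST: reject anything without a valid nonce, then echo the message escaped.
function handle_post(array &$store, array $post): string {
    if (!verify_nonce($store, (string)($post['nonce'] ?? ''))) {
        return '403: missing or invalid CSRF nonce';
    }
    return '<p>Received: ' . esc((string)($post['message'] ?? '')) . '</p>';
}

// Constructed walk-through of the three cases a defender cares about.
$session = [];
$nonce = issue_nonce($session);
echo render_form($nonce), "\n";

// 1. Forged cross-site request: no valid nonce, so it is rejected.
echo handle_post($session, ['message' => 'hi', 'nonce' => 'guess']), "\n";

// 2. Legitimate submission carrying an XSS attempt: accepted, but the markup
//    is escaped on output, so it prints as text rather than executing.
echo handle_post($session, ['message' => '<script>alert(1)</script>', 'nonce' => $nonce]), "\n";

// 3. Replay of the already-used nonce: rejected because nonces are single-use.
echo handle_post($session, ['message' => 'again', 'nonce' => $nonce]), "\n";
```

The escaping step is the one worth remembering when you move data into a database for contact forms: parameterised queries stop SQL injection on the way in, but the output side still needs escaping (or a template engine that escapes by default) on the way back out.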
Thank you!