feat(guards): add GR-SEC-010 — output escaping enforcement in views
Add architecture test ViewLayerOutputEscapingContractTest that flags raw <?php echo in .phtml files. Legitimate uses (pre-built ARIA attrs from navActive(), hardcoded role values, pre-rendered HTML fragments) must carry an inline // raw-html-ok: reason marker. Annotated all 11 existing raw echo sites with justification markers. Added guard to catalog, enforcement map (automated), CLAUDE.md security section, and never-do-this list. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -154,6 +154,13 @@
|
||||
"reviewer": "security",
|
||||
"title": "Server-side tenant scope",
|
||||
"requirement": "MUST enforce tenant scope server-side. Every query touching tenant-scoped data MUST filter by tenant_id. No cross-tenant data leakage."
|
||||
},
|
||||
{
|
||||
"id": "GR-SEC-010",
|
||||
"area": "security",
|
||||
"reviewer": "security",
|
||||
"title": "Output escaping in views",
|
||||
"requirement": "Views (.phtml) MUST use e() for all HTML output. Raw echo is only permitted for pre-built HTML fragments from framework helpers (e.g. ARIA attributes from navActive()). Each raw echo MUST carry an inline '// raw-html-ok: reason' comment."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -168,6 +168,13 @@
|
||||
"tests/Architecture/ApiResourceContractTest.php",
|
||||
".agents/runs/<TASK>/review-security.json"
|
||||
]
|
||||
},
|
||||
{
|
||||
"guard_id": "GR-SEC-010",
|
||||
"enforcement_mode": "automated",
|
||||
"evidence_source": [
|
||||
"tests/Architecture/ViewLayerOutputEscapingContractTest.php"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user