feat(guards): add GR-SEC-010 — output escaping enforcement in views
Add architecture test ViewLayerOutputEscapingContractTest that flags raw <?php echo in .phtml files. Legitimate uses (pre-built ARIA attrs from navActive(), hardcoded role values, pre-rendered HTML fragments) must carry an inline // raw-html-ok: reason marker. Annotated all 11 existing raw echo sites with justification markers. Added guard to catalog, enforcement map (automated), CLAUDE.md security section, and never-do-this list. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -180,6 +180,7 @@ docker/ # Dockerfiles, Nginx configs, PHP configs
|
||||
- Loading assets from external CDNs (GR-SEC-004)
|
||||
- Undeclared cross-module imports (must use `requires` in manifest)
|
||||
- Inline SQL or string-concatenated queries (GR-SEC-003)
|
||||
- Raw `echo` in views without `// raw-html-ok` marker — use `e()` (GR-SEC-010)
|
||||
- OpenAPI changes without updating the spec (GR-CORE-007)
|
||||
|
||||
## Database
|
||||
@@ -202,6 +203,7 @@ These rules are enforced by guards GR-SEC-001 through GR-SEC-009 in `.agents/che
|
||||
- API requests must not start sessions (GR-SEC-007)
|
||||
- Authorization enforced server-side, not just in UI (GR-SEC-008)
|
||||
- Tenant scope (`tenant_id`) enforced on all queries — no unscoped data access (GR-SEC-009)
|
||||
- Views use `e()` for all output — raw `echo` only with `// raw-html-ok: reason` marker (GR-SEC-010)
|
||||
|
||||
## Quality Gates
|
||||
|
||||
|
||||
Reference in New Issue
Block a user