1. 3
  1.  

  2. 3

    Some background: I started this project a while ago because I find myself generating and validating a lot of HTML forms in my PHP projects.

    While other form libraries exist, they’re usually baked into frameworks (and their design patterns). I wanted something with few dependencies that handles the entire set of elements and behaviors captured by forms within the HTML5 standard.

    I also wanted something proactively secure:

    • Prevents XSS attacks (modulo a few elements that are explicitly not protected), with full support for taint analysis (checked by Psalm)
    • Stops CSRF attacks with no additional effort
    • Performs input validation and spits out the correct types (int, bool, etc.)

    Cupcake doesn’t quite live up to my expectations today, but it’s an early development project, and I’ve talked about it on the weekend threads for the past two weeks, so I thought I’d share it here for everyone to enjoy.

    (If you’re wondering “Why PHP 8?” I’m using union types.)

    1. 1

      I have abandoned all my hope for PHP years ago, however I am not a fan that the mascot of this project is funded by mass murdering corporation /joke