Scalar type declaration

Cross-site scripting (XSS)

Bounded context

Authentication bypass (or broken authentication)

False vacuum theory

Injection flaws

This is not possible for security reasons

This is possible, but requires the addition of an annotation @dontverifyrequesthash to the
target action

This is possible, but requires the addition of an annotation @ignorevalidation to the target
action

This is possible, but requires the addition of an annotation @dontvalidate to the target action

This is possible by activating the TypoScript option persistence.enableDynamicForms

<f:if condition="{TSFE.loginUser.group == 5}">.

<f:security.ifHasRole role="5">

<f:security.ifHasRole role="news">

<f:security.ifAuthenticated>

<f:security.loginUser group_id="5">

Fluid applies htmlspecialchars() when HTML content of a variable is output

Fluid automatically removes all HTML tags if the content of a variable contains HTML code

To protect users against XSS attacks, an exception is triggered if a variable contains HTML
code

The FormatRaw-ViewHelper (<f:format.raw>) can be used to output the content of variables unfiltered

All HTML code should be passed to the FormatHtml-ViewHelper (<f:format.html>) for
security reasons

Protection against SQL injections

Protection against man-in-the-middle attacks

Protection against cross-site scripting (XSS) attacks

Protection against cookie theft

Protection against cross-site request forgery (CSRF)

The method quoteIdentifier()

The method quoteIdentifiers()

The method sanitizeValue()

The method createNamedParameter()

The method secureQuery()