1 point | by ciaovietnam 16 hours ago
LiteGUI/SiteGUI is a hybrid CMS that serves both mobile apps and web apps. Every Model/Class returns one or more ViewBlocks that contain an API root variable ($api) and optionally an HTML helper root variable ($html); these can be consumed by API clients or used by the built-in View layer to render HTML server side from PHP Smarty templates. No separate API codebase is needed: Models/Classes are (and should be) developed API-first, with HTML helpers added on demand. The integrated rate-limiting engine also distinguishes API from non-API requests and applies thresholds accordingly. With this flexibility, LiteGUI/SiteGUI can run as a stand-alone web app (server-side rendering) or serve as the backend for client-side rendering (front-end) frameworks (NextJS, ReactJS etc.) and mobile apps.
LiteGUI/SiteGUI is also the first CMS to use sub-domains/sandboxing to mitigate XSS attacks. Because LiteGUI/SiteGUI supports 3rd-party templates/themes, this mitigation helps protect site owners from all types of XSS (stored, reflected or DOM-based) that a 3rd-party template/theme may (accidentally) introduce into their sites. LiteGUI/SiteGUI uses a dedicated sub-domain for managing/submitting sensitive data and another sub-domain (loaded in a frame) for managing arbitrary content and widgets (sandboxing). The advantage of sandboxing is that LiteGUI/SiteGUI can accept raw HTML produced by a WYSIWYG editor, or even entered through the browser's developer console; there is no need for a non-HTML editor such as Markdown for editing content. The main domain can display arbitrary content (produced by site editors) because sensitive write operations are restricted on the main domain. Although separate sub-domains are used so that cookies/authentication are not shared, the transitions are seamless: LiteGUI/SiteGUI uses a resource-based, time-constrained token to pass authenticated user information between sub-domains automatically.
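As an added illustration (not code from LiteGUI/SiteGUI), here is a minimal version of the resource-bound, time-limited hand-off token described above: the sensitive origin mints it, the framed sandbox origin verifies it, and a token leaked from one sandboxed resource cannot be replayed against another resource or after its expiry. Hostnames, key and user ids are constructed assumptions.

```python
import hashlib
import hmac

# Constructed hostnames for the two origins (assumption, not the project's names).
SENSITIVE_HOST = "admin.example.test"    # manages/submits sensitive data
SANDBOX_HOST = "content.example.test"    # framed; renders arbitrary editor HTML

SEP = "|"


def mint_handoff_token(secret: bytes, user_id: str, resource: str,
                       now: int, ttl: int = 60) -> str:
    """Mint a token that carries the authenticated user to the sandbox origin.

    The MAC covers user id, the single resource path the token is valid for,
    and an absolute expiry, so the token cannot be reused elsewhere or later.
    """
    if SEP in user_id or SEP in resource:
        raise ValueError("separator not allowed in token fields")
    exp = now + ttl
    payload = SEP.join((user_id, resource, str(exp)))
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return payload + SEP + mac


def verify_handoff_token(secret: bytes, token: str, resource: str, now: int):
    """Return the user id if the token is valid for `resource` at time `now`,
    otherwise None. Runs on the sandbox origin, which holds no session cookie."""
    parts = token.split(SEP)
    if len(parts) != 4:
        return None
    user_id, bound_resource, exp_s, mac = parts
    if not exp_s.isdigit():
        return None
    # Recompute the MAC before any other check so verification cost is uniform.
    payload = SEP.join((user_id, bound_resource, exp_s))
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return None
    if bound_resource != resource:      # resource binding: /widgets/42 != /widgets/43
        return None
    if now >= int(exp_s):               # time constraint: expired tokens are rejected
        return None
    return user_id


def write_allowed(host: str, method: str) -> bool:
    """Policy sketch: sensitive write operations only on the sensitive origin;
    the sandbox origin and the main domain are read-only for such operations."""
    return method.upper() in ("POST", "PUT", "PATCH", "DELETE") and host == SENSITIVE_HOST
```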