# Security > CSRF features require the [Session](/version-0.x/reference/core-modules/session.md) module. ## Constants ### Rules * `SECURITY_RULE_NOT_NULL` The value must be not null, typically used to check whether a parameter has been passed or not. An empty field in a form will not trigger this rule. * `SECURITY_RULE_NOT_EMPTY` The value must not be empty, typically used to check whether a parameter has been passed or not. An empty field in a form will trigger this rule. * `SECURITY_RULE_INTEGER` The value must be an integer (-n to +n without decimals) * `SECURITY_RULE_POSITIVE` The value must be positive (0 to +n) * `SECURITY_RULE_MAX_VALUE` The value must be a number less than or equal the specified value * `SECURITY_RULE_MIN_VALUE` The value must be a number greater than or equal the specified value * `SECURITY_RULE_MAX_CHARS` The value must be less than or equal the specified number of chars * `SECURITY_RULE_MIN_CHARS` The value must be bigger than or equal the specified number of chars * `SECURITY_RULE_BOOLEAN` The value must be either a 0 or a 1 * `SECURITY_RULE_SLUG` The value must have the typical URL slug code syntax, containing only numbers and letters from A to Z both lower and uppercase, and -\_ characters * `SECURITY_RULE_URL_SHORT_CODE` The value must have the typical URL short code syntax, containing only numbers and letters from A to Z both lower and uppercase * `SECURITY_RULE_URL_ROUTE` The value must have the typical URL slug code syntax, like `SECURITY_RULE_SLUG` plus the "/" character * `SECURITY_RULE_LIMITED_VALUES` The value must be exactly one of the specified values. * `SECURITY_RULE_UPLOADED_FILE` The value must be a valid uploaded file. A value can be specified that must be an array of keys with setup options for the [checkUploadedFile](#checkuploadedfile-file-p) method. * `SECURITY_RULE_UPLOADED_FILE_IMAGE` The value must be an uploaded image. A value can be specified that must be an array of keys with setup options for the [checkUploadedFile](#checkuploadedfile-file-p) method. * `SECURITY_RULE_SQL_INJECTION` The value must not contain SQL injection suspicious strings * `SECURITY_RULE_TYPICAL_ID` Same as `SECURITY_RULE_NOT_EMPTY` + `SECURITY_RULE_INTEGER` + `SECURITY_RULE_POSITIVE` ### Filters * `SECURITY_FILTER_XSS` The value is purified to try to remove XSS attacks * `SECURITY_FILTER_STRIP_TAGS` HTML tags are removed from the value * `SECURITY_FILTER_TRIM` Spaces at the beginning and at the end of the value are trimmed * `SECURITY_FILTER_JSON` Decodes json data ### ### --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://cherrycake.tin.cat/version-0.x/reference/core-modules/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.