xss clean issue - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Development (https://forum.codeigniter.com/forumdisplay.php?fid=6)
+--- Forum: Issues (https://forum.codeigniter.com/forumdisplay.php?fid=19)
+--- Thread: xss clean issue (/showthread.php?tid=70262)

xss clean issue - michaelv - 03-15-2018

Hello,

CI 3.1.5

I have an issue with a form validation + xss_clean. The input string is: route val de soane

$this->form_validation->set_rules('adresse', 'Adresse', 'required|xss_clean|trim|max_length[255]')...

print_r($_POST['adresse1'])
>route val de soane

print_r($this->input->post('adresse1'))
>routeval de soane

The xss_clean feature removes the space between route & val. Any way to avoid this?

system/core/Security.php line 448: if I remove 'eval' from the $words array, no problem.

RE: xss clean issue - jreklund - 03-15-2018

You shouldn't use xss_clean on input. You should filter the data if you expect only letters.
https://www.codeigniter.com/userguide3/installation/upgrade_300.html#step-13-check-for-usage-of-the-xss-clean-form-validation-rule

Use html_escape on output instead.
https://www.codeigniter.com/user_guide/general/common_functions.html#html_escape

RE: xss clean issue - dave friend - 03-16-2018

The rule 'xss_clean' was removed from CI at version 3.0.0; read this

RE: xss clean issue - michaelv - 03-16-2018

I still have the global xss protection activated.

RE: xss clean issue - dave friend - 03-16-2018

Visit the links provided to see why that's not recommended. Also, read this

In short, don't use the global xss clean.

An in-depth and technically dense discussion on XSS prevention can be found HERE
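
Added example, not part of any post above and not CodeIgniter's own code: a simplified stand-in for the keyword-compaction step that the `$words` array feeds (its logic is an assumption based on the behaviour reported in the thread), shown beside output-side escaping with PHP's `htmlspecialchars`, which stands in here for `html_escape`. The function names, the short word list and the second sample value are constructed for the demo.

```php
<?php
// Blocklist-style input filter (hypothetical helper): rejoins keywords that
// were split up with whitespace ("e v a l" -> "eval") whenever a non-word
// character follows. It cannot tell an obfuscated keyword from ordinary text.
function compact_exploded_words(string $str, array $words): string
{
    foreach ($words as $word) {
        // 'eval' becomes the pattern e\s*v\s*a\s*l
        $pattern = implode('\s*', str_split($word));
        $str = preg_replace_callback(
            '#(' . $pattern . ')(\W)#is',
            function (array $m): string {
                // Drop the whitespace inside the match, keep the trailing char.
                return preg_replace('/\s+/', '', $m[1]) . $m[2];
            },
            $str
        );
    }
    return $str;
}

// Output-side handling (hypothetical helper): the stored value stays intact
// and is encoded for the HTML context only when it is rendered.
function escape_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed samples: the address from the thread, and a value with markup.
$samples = ['route val de soane', '12 rue <b>Victor</b> "Hugo"'];
$words   = ['script', 'alert', 'eval']; // short list, for the demo only

foreach ($samples as $raw) {
    printf("raw      : %s\n", $raw);
    printf("filtered : %s\n", compact_exploded_words($raw, $words));
    printf("escaped  : %s\n\n", escape_for_html($raw));
}
```

In the first sample the trailing "e" of "route" plus " val" matches the `eval` pattern, so the filter silently alters a legitimate address before it is stored. The second sample passes through this step unchanged, while escaping at output encodes the markup and quotes without touching the stored data.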