Issue with CI XSS option - Convert html entity string

Issue with CI XSS option - Convert html entity string

Diederik
Senior Member
Posts: 299
Threads: 0
Joined: Jan 2015
Reputation: 20

03-19-2016, 11:26 PM

You should not use XSS on you input process (validating the input, storing it in your db etc), you should use XSS filtering only in your output process for noumerious reasons. This has been discussed noumerious times on the forum

https://www.codeigniter.com/user_guide/l...input.html

Messages In This Thread

Issue with CI XSS option - Convert html entity string - by Priyank - 03-19-2016, 08:45 PM

RE: Issue with CI XSS option - Convert html entity string - by Diederik - 03-19-2016, 11:26 PM

RE: Issue with CI XSS option - Convert html entity string - by kenjis - 03-20-2016, 01:44 AM

RE: Issue with CI XSS option - Convert html entity string - by Priyank - 03-20-2016, 10:23 AM

RE: Issue with CI XSS option - Convert html entity string - by Narf - 03-20-2016, 10:59 AM

RE: Issue with CI XSS option - Convert html entity string - by Priyank - 03-20-2016, 07:42 PM

RE: Issue with CI XSS option - Convert html entity string - by Narf - 03-21-2016, 01:12 AM

RE: Issue with CI XSS option - Convert html entity string - by Priyank - 03-21-2016, 08:05 AM

RE: Issue with CI XSS option - Convert html entity string - by kilishan - 03-20-2016, 08:17 PM

RE: Issue with CI XSS option - Convert html entity string - by kenjis - 03-21-2016, 02:29 PM

RE: Issue with CI XSS option - Convert html entity string - by mwhitney - 03-22-2016, 08:42 AM

RE: Issue with CI XSS option - Convert html entity string - by Narf - 03-22-2016, 11:21 AM