(03-20-2016, 10:59 AM)Narf Wrote:
(03-20-2016, 10:23 AM)Priyank Wrote:
(03-20-2016, 01:44 AM)kenjis Wrote:
You don't have to use XSS option or XSS filtering at all.
It changes your input data in many ways. I have never used it.
Hi Kenjis,
Do I need to use my own custom methods for XSS filtering? Really, I'm not in favor of directly storing vulnerable data in the database and doing the XSS filtering on output.
BTW, I found a solution for this issue: I just changed the charset value from UTF-8 to ISO-8859-5. Now, in the CI Security class, the html entity decode method gives me the same output as given.
Thanks,
Priyank
Storing blindly-sanitized data into the database is what will make it vulnerable.
True... but if I store input data without the XSS filter, then I need to apply the XSS filter in the view. As per my understanding, both the input-side and the output-side filter will make the same change to the data. As you told in your last reply, you never used the XSS option, so do you know any other way?
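
An added example, not part of any post in this thread and not CodeIgniter's own code: it keeps the stored value unchanged and encodes it separately for each output context, then shows what happens to a value that was HTML-encoded before storage. The function names (html_text, js_value, url_param) and the sample string are constructed for illustration; json_encode with JSON_THROW_ON_ERROR assumes PHP 7.3 or later.

```php
<?php
// Constructed sample input: an ordinary comment containing characters that
// are special in HTML, JavaScript and URLs.
$stored = 'Tom & "Jerry" say: use <b> for bold, 5 < 6';

// Encoders applied at the point of output, one per context.
function html_text(string $s): string
{
    // Element content and quoted attribute values.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function js_value(string $s): string
{
    // String literal placed inside a <script> block.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    return json_encode($s, $flags);
}

function url_param(string $s): string
{
    // Single query-string parameter value.
    return rawurlencode($s);
}

// 1) Raw value stored, encoded per context on output: each sink gets the
//    encoding it needs and the original text survives in the database.
echo "HTML body : <p>" . html_text($stored) . "</p>\n";
echo "Attribute : <input value=\"" . html_text($stored) . "\">\n";
echo "Script    : <script>var c = " . js_value($stored) . ";</script>\n";
echo "URL       : /search?q=" . url_param($stored) . "\n\n";

// 2) Value HTML-encoded once on input and stored that way (hypothetical
//    input-side filter). The stored text is no longer what the user typed.
$filtered_on_input = html_text($stored);

// A view that also escapes (as it should) now double-encodes it.
echo "Double    : <p>" . html_text($filtered_on_input) . "</p>\n";
// Non-HTML sinks receive HTML entities they cannot interpret.
echo "Script    : <script>var c = " . js_value($filtered_on_input) . ";</script>\n";
echo "URL       : /search?q=" . url_param($filtered_on_input) . "\n";
// Length and search behaviour of the stored value have changed as well.
printf("Length raw=%d, filtered=%d\n", strlen($stored), strlen($filtered_on_input));
```

The four outputs in part 1 differ from each other, which is why a single transformation applied on input cannot be correct for every place the value is later displayed.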