xss_clean in CI 3
(04-05-2015, 11:32 PM)casa Wrote: to answer concisely and effectively: $config['global_xss_filtering'] = TRUE is deprecated and just to assure interdependence between versions of CI.

Hi,

OK, XSS is deprecated on Input. So, if I understand well, if someone writes something like <script>alert('hello')</script> in an input field, it will be recorded in the database. No problem. Could be useful for later identification.

But in this case, where to apply XSS protection (htmlspecialchars, strip_tags, other?) to avoid the script alert: in the controller or in the view? Thinking of AJAX responses, I think it's better in the controller, no?

Or perhaps I misunderstood something about the way CI protects against XSS. (Sure, I don't speak about input validation.)

Thanks.