xss flashdata class
#2

You should use html_escape() or xss_clean() when you print strings that are not XSS safe. Personally I use html_escape() as I don't want anything to have the slightest chance of slipping through.

PHP Code:
<?php echo html_escape($this->session->flashdata('error')); ?>

It's deprecated from input validation, as you should filter your data. Do you only want numbers? Check that it's not a letter etc.
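Added example, not part of the thread and not written by its participants: a stand-alone PHP script showing the two points from the reply above together, validating a numbers-only field on input and escaping the flash message on output. `escape_for_html()` and `parse_quantity()` are hypothetical names and the submitted values are constructed; `escape_for_html()` stands in for `html_escape()` so the script runs without the framework.

```php
<?php
// Added example: stand-alone PHP, no framework required.
// escape_for_html() is a hypothetical stand-in for CodeIgniter's html_escape(),
// which wraps htmlspecialchars() and also accepts arrays.
function escape_for_html($value, string $charset = 'UTF-8')
{
    if (is_array($value)) {
        return array_map(fn($v) => escape_for_html($v, $charset), $value);
    }
    return htmlspecialchars((string) $value, ENT_QUOTES, $charset);
}

// Input side: accept only what the field is supposed to contain.
// parse_quantity() is a hypothetical validator for a "numbers only" field.
function parse_quantity(string $raw): ?int
{
    // ctype_digit() is true only for non-empty strings made entirely of 0-9,
    // so signs, spaces and markup are all rejected.
    return (ctype_digit($raw) && strlen($raw) <= 9) ? (int) $raw : null;
}

// Constructed sample request values.
$submitted = ['42', '4<script>alert(1)</script>', '-1', ''];

foreach ($submitted as $raw) {
    $qty = parse_quantity($raw);
    if ($qty !== null) {
        echo "accepted: {$qty}\n";
        continue;
    }
    // The rejected value ends up in an error message, as flashdata would.
    $flash = "Invalid quantity: {$raw}";
    // Printed as-is, the markup in the message reaches the page intact.
    echo "unescaped: <p>{$flash}</p>\n";
    // Escaped at output, <, >, &, " and ' become entities and render as text.
    echo "escaped:   <p>" . escape_for_html($flash) . "</p>\n";
}
```

Validation rejects the bad value, but the error message still carries it back to the browser, which is why the output is escaped even though the input was checked.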


Messages In This Thread
xss flashdata class - by az1409 - 05-02-2020, 09:53 PM
RE: xss flashdata class - by jreklund - 05-03-2020, 02:08 AM
RE: xss flashdata class - by az1409 - 05-03-2020, 02:12 AM


