Welcome Guest, Not a member yet? Register   Sign In
XSS replaces in the documentation
#5

Of course you can use xss_clean. The $config['global_xss_filtering'] config setting to clean all input has been deprecated because you should clean output not input.

I think some people think it is a heavy function that can cause a slow down if it is used inappropriately or on every possible output. But user input does need to be cleaned on output.

Paul.
Reply


Messages In This Thread
XSS replaces in the documentation - by Elias - 02-02-2018, 11:57 AM
RE: XSS replaces in the documentation - by Elias - 02-10-2018, 12:46 PM
RE: XSS replaces in the documentation - by falko - 02-10-2018, 11:23 PM
RE: XSS replaces in the documentation - by PaulD - 02-11-2018, 04:08 AM
RE: XSS replaces in the documentation - by Elias - 02-11-2018, 09:57 AM
RE: XSS replaces in the documentation - by PaulD - 02-11-2018, 11:15 AM
RE: XSS replaces in the documentation - by Narf - 02-12-2018, 06:24 AM
RE: XSS replaces in the documentation - by Elias - 02-12-2018, 07:21 AM
RE: XSS replaces in the documentation - by Narf - 02-14-2018, 11:28 AM
RE: XSS replaces in the documentation - by Elias - 02-15-2018, 08:01 AM
RE: XSS replaces in the documentation - by Narf - 02-22-2018, 01:31 AM



Theme © iAndrew 2016 - Forum software by © MyBB