Welcome Guest, Not a member yet? Register   Sign In
xss clean issue
#1

(This post was last modified: 03-15-2018, 07:03 AM by michaelv.)

hello
CI 3.1.5
i have an issue with a form validation +xss_clean,
input string is : route val de soane

$this->form_validation
->set_rules('adresse', 'Adresse', 'required|xss_clean|trim|max_length[255]')...

print_r($_POST['adresse1'])
>route val de soane

print_r($this->input->post('adresse1'))
>routeval de soane

the xss_clean feature remove the space beetwen route & val

any way to avoid this?

sytem/core/Security.php line 448 if i remove 'eval' from the $words array no probleme
Reply
#2

You shouldn't use xss_clean on input. You should filter the data if you expect only letters.
https://www.codeigniter.com/userguide3/i...ation-rule

Use html_escape on output instead.
https://www.codeigniter.com/user_guide/g...tml_escape
Reply
#3

The rule 'xss_clean' was removed from CI at version 3.0.0 read this
Reply
#4

i still have the global xss protection activated
Reply
#5

(This post was last modified: 03-16-2018, 08:06 AM by dave friend.)

Visit the links provided to see why that's not recommended.
Also, read this

In short, don't use the global xss clean

An in-depth and technically dense discussion on XSS prevention can be found HERE
Reply




Theme © iAndrew 2016 - Forum software by © MyBB