xss clean issue

#1
Hello,
CI 3.1.5
I have an issue with form validation + xss_clean.
The input string is: route val de soane

$this->form_validation
->set_rules('adresse', 'Adresse', 'required|xss_clean|trim|max_length[255]')...

print_r($_POST['adresse1'])
>route val de soane

print_r($this->input->post('adresse1'))
>routeval de soane

The xss_clean feature removes the space between route & val.

Any way to avoid this?

system/core/Security.php line 448: if I remove 'eval' from the $words array, no problem.
Reply

#2
You shouldn't use xss_clean on input. You should filter the data if you expect only letters.
https://www.codeigniter.com/userguide3/i...ation-rule

Use html_escape on output instead.
https://www.codeigniter.com/user_guide/g...tml_escape
Reply

#3
The rule 'xss_clean' was removed from CI at version 3.0.0; read this
Reply

#4
I still have the global XSS protection activated.
Reply

#5
Visit the links provided to see why that's not recommended.
Also, read this

In short, don't use the global xss clean.

An in-depth and technically dense discussion on XSS prevention can be found HERE
Reply
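
Added example, not part of any post in this thread and not CodeIgniter's own code: a simplified model of the word-compaction behaviour post #1 describes (the pattern construction and the three-word list are assumptions for illustration; 'eval' is the entry named in post #1), next to the output escaping that posts #2 and #5 recommend. The function names `compact_exploded_words` and `escape_for_html` are hypothetical.

```php
<?php
// Simplified model of a "naughty word" compaction filter, for illustration only.
// Constructed word list; 'eval' is the entry post #1 removed to work around the issue.
function compact_exploded_words(string $str, array $words = ['javascript', 'script', 'eval']): string
{
    foreach ($words as $word) {
        // "eval" becomes e\s*v\s*a\s*l, so the pattern also matches across a
        // word boundary such as "route val" (e + space + val).
        $pattern = '#(' . implode('\s*', str_split($word)) . ')(\W)#is';
        $str = preg_replace_callback($pattern, function (array $m): string {
            // Drop whitespace inside the match, keep the trailing non-word character.
            return preg_replace('/\s+/s', '', $m[1]) . $m[2];
        }, $str);
    }
    return $str;
}

// Output-side escaping. CodeIgniter's html_escape() helper wraps htmlspecialchars();
// it is called directly here so the script runs without the framework.
function escape_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$samples = [                               // constructed sample inputs
    'route val de soane',                  // the address from post #1
    'rue <b>Victor</b> "Hugo" & fils',     // legitimate data containing markup characters
];

foreach ($samples as $raw) {
    $filtered = compact_exploded_words($raw);
    echo 'raw      : ', $raw, PHP_EOL;
    echo 'filtered : ', $filtered, ($filtered !== $raw ? '   <-- data changed' : ''), PHP_EOL;
    // Store $raw as submitted (after trim/length validation) and escape only
    // at the point where it is written into HTML.
    echo 'escaped  : ', escape_for_html($raw), PHP_EOL, PHP_EOL;
}
```

The first sample shows the input-side filter altering a harmless address, while escaping at output leaves the stored value intact and still neutralises the markup characters in the second sample.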

