XSS_CLEAN Truncates Data

We have a user out on the internet posting data to our API, written in CI 3.1.9. The data is in this format:

ID=<some id>&KEY=<some key>&DATA=<very long json data>

In our controller we use:

// Second argument TRUE runs xss_clean on each value before it is returned
$id   = $this->input->post('id', true);
$key  = $this->input->post('key', true);
$data = $this->input->post('data', true);

After days of trying to figure out why we're not getting this JSON data, I figured out that for some reason XSS_CLEAN would completely erase the JSON data to empty. I can reproduce this problem with $this->input->input_stream('data', true) or $this->security->xss_clean($data).

Not sure if this is a bug or if it breaks because the JSON data is too long (2000 records of name, address, city, state, zip).

XSS filtering should never be used on input, but on output. CodeIgniter has DEPRECATED global_xss_filtering and you should delete those too. You should however validate your data and apply XSS measures on output instead.
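The pattern the reply describes, written out as an added example (this is not code from the original post or from CodeIgniter itself): a CI 3 controller that reads the POST fields without the xss_clean flag, validates the payload by parsing it as JSON and checking each record's shape, and escapes values only where they are written into HTML. The controller and model names, the field formats, the record keys, and the size limits are all assumptions for the sake of the example.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Added example, not from the original post. Controller/model names,
// id/key formats and limits below are assumptions.
class Import extends CI_Controller
{
    const MAX_RECORDS = 5000;   // assumed cap on records per request
    const MAX_FIELD   = 255;    // assumed cap on one string field
    private static $record_keys = array('name', 'address', 'city', 'state', 'zip');

    public function submit()
    {
        // No second argument: the values are NOT passed through xss_clean.
        $id   = $this->input->post('id');
        $key  = $this->input->post('key');
        $data = $this->input->post('data');

        if ($id === NULL OR $key === NULL OR $data === NULL) {
            return $this->_fail(400, 'id, key and data are required');
        }

        // Validate id/key against the format you expect instead of filtering them.
        if ( ! ctype_digit($id) OR ! preg_match('/\A[A-Za-z0-9_-]{16,64}\z/', $key)) {
            return $this->_fail(400, 'bad id or key');
        }

        // Validate the payload by parsing it; json_decode does not strip or alter content.
        $records = json_decode($data, TRUE, 8);
        if (json_last_error() !== JSON_ERROR_NONE OR ! is_array($records)) {
            return $this->_fail(400, 'data is not valid JSON: '.json_last_error_msg());
        }
        if (count($records) > self::MAX_RECORDS) {
            return $this->_fail(413, 'too many records');
        }
        foreach ($records as $i => $rec) {
            foreach (self::$record_keys as $k) {
                if ( ! isset($rec[$k]) OR ! is_string($rec[$k]) OR strlen($rec[$k]) > self::MAX_FIELD) {
                    return $this->_fail(400, "record $i: missing or oversized '$k'");
                }
            }
        }

        // Store the data as received (assumed model; the page does not show one).
        $this->load->model('records_model');
        $this->records_model->save((int) $id, $records);

        $this->output->set_content_type('application/json')
                     ->set_output(json_encode(array('imported' => count($records))));
    }

    // Output side: escaping happens at the point where data enters HTML.
    public function show($id)
    {
        $this->load->model('records_model');
        $records = $this->records_model->get((int) $id);   // assumed model method
        echo $this->_render_rows($records);
    }

    private function _render_rows(array $records)
    {
        $html = '<table>';
        foreach ($records as $rec) {
            $html .= '<tr>';
            foreach (self::$record_keys as $k) {
                // html_escape() is CI's htmlspecialchars wrapper; the raw value stays in the DB.
                $html .= '<td>'.html_escape($rec[$k]).'</td>';
            }
            $html .= '</tr>';
        }
        return $html.'</table>';
    }

    private function _fail($status, $msg)
    {
        $this->output->set_status_header($status)
                     ->set_content_type('application/json')
                     ->set_output(json_encode(array('error' => $msg)));
    }
}
```

The payload from the original post (ID, KEY and a large DATA field) goes through json_decode and the per-record checks untouched, so a name containing `<script>` is stored as typed and neutralised only when _render_rows writes it into the page. If the value is later emitted somewhere other than HTML (a JSON API response, a JavaScript string, an attribute), escape for that context there instead of relying on html_escape.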



