| XSS_CLEAN Truncates Data |
|
We have a user out in the internet posting data to our API written in CI 3.1.9. The data is in this format:
ID=<some id>&KEY=<some key>&DATA=<very long json data> In our controller we use: $id = $this->input->post('id', true); $key = $this->input->post('key/, true); $data = $this->input->post('data', true); After days of trying to figure out why we're not getting this JSON data, I figured out that for some reason XSS_CLEAN would completely erase the JSON data to empty. I can re-produce this problem with $this->input->input_stream('data', true) or $this->security->xss_clean($data) Not sure if this is bug or it breaks because JSON data is too long (2000 records of name,address,city,state,zip) ..
XSS filtering should never be used on input, but on output. Codeigniter have DEPRECATED global_xss_filtering and you should delete those too. You should however validate your data and apply XSS measures on output instead.
https://www.codeigniter.com/user_guide/l...-filtering https://www.codeigniter.com/user_guide/g...-filtering https://www.codeigniter.com/user_guide/l...-filtering http://php.net/manual/en/book.filter.php |
| Welcome Guest, Not a member yet? Register Sign In |
MENU
EXTRA MENU
ABOUT US
CodeIgniter is a powerful PHP framework with a very small footprint, built for developers who need a simple and elegant toolkit to create full-featured web applications.
