xss_clean() truncating data
Hi,
I have an input value of '<value_range>Test</value_range>'. When I use $this->oSecurity->xss_clean($value), I am getting the outcome <value>Test</value>. Can somebody please help me here?
xss_clean is supposed to remove invalid data if it deems it not to be secure. What are you doing with the string after you have run it through xss_clean?
XSS protection is only supposed to be done on output (rendering), not input (saving to database).
Filtering, on the other hand, should be done on input, checking that you are only accepting numbers etc. from the user. And on output, you are showing it as is? What are you doing with that <range> field?
(08-28-2020, 09:12 AM)jreklund Wrote: XSS protection is only supposed to be done on output (rendering), not input (saving to database).
It is just a simple value for one of the fields. I want to achieve this: whatever I have placed on the UI, like '<value_range>Test</value_range>', should stay the same, but because of xss_clean() my values are getting altered.
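
The split described in the thread (validate on input, store unchanged, escape on output), as an added example that is not from any poster or from the framework: it uses only PHP built-ins (PHP 7.3+), and the helper names `validate_label`, `escape_html`, `escape_js` and the 255-byte limit are assumptions for illustration.

```php
<?php
// Added example: the submitted string is never rewritten; only its rendering is encoded.

/** Input filtering: accept or reject, never modify. The limits are assumptions. */
function validate_label(string $raw): bool
{
    return $raw !== ''
        && strlen($raw) <= 255
        && preg_match('//u', $raw) === 1                           // must be valid UTF-8
        && preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $raw) === 0; // no control chars
}

/** Output escaping for HTML element content and quoted attribute values. */
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Output encoding for a value placed inside an inline <script> block. */
function escape_js(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample input: the value from the question.
$submitted = '<value_range>Test</value_range>';

if (!validate_label($submitted)) {
    exit("rejected\n");
}

// This is what would be saved (through a parameterised query): byte-for-byte unchanged.
$stored = $submitted;

// The same stored value rendered in three output contexts, each with its own encoding.
echo '<td>' . escape_html($stored) . "</td>\n";
echo '<input name="label" value="' . escape_html($stored) . "\">\n";
echo '<script>var label = ' . escape_js($stored) . ";</script>\n";

// Round trip: decoding the escaped form yields exactly what was submitted.
var_dump(htmlspecialchars_decode(escape_html($stored), ENT_QUOTES) === $submitted);
```

The browser displays the escaped `<td>` content as the literal text the user typed, so nothing is lost and nothing is executed as markup.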