CodeIgniter Forums

Full Version: XSS filtering and the manual..
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

El Forum

[eluser]Ramania[/eluser]
Quote:CodeIgniter comes with a Cross Site Scripting Hack prevention filter which can either run automatically to filter all POST and COOKIE data that is encountered, or you can run it on a per item basis. By default it does not run globally since it requires a bit of processing overhead, and since you may not need it in all cases.

i wasted more than two hours of my life trying to figure out the problem with my jQuery code, because i believed the manual and didn't even bother to look into the config file.. please fix this .. XSS filtering DOES RUN globally by default Smile.

El Forum

[eluser]Benito[/eluser]
From INPUT CLASS docs:
Quote:CodeIgniter comes with a Cross Site Scripting Hack prevention filter which can either run automatically to filter all POST and COOKIE data that is encountered, or you can run it on a per item basis. By default it does not run globally since it requires a bit of processing overhead, and since you may not need it in all cases.

I think there is a saying, which says: Its not the water's fault that the fish can't swim Smile

El Forum

[eluser]danmontgomery[/eluser]
Defaults to false...

Code:
$config['global_xss_filtering'] = FALSE;