xss_clean() truncating data
#1

(This post was last modified: 08-28-2020, 02:07 AM by [email protected].)

Hi,

I have an input value of '<value_range>Test</value_range>'. When I use
$this->oSecurity->xss_clean($value), I get <value>Test</value> as the outcome.

Can somebody please help me here?
Reply
#2

xss_clean is supposed to remove invalid data if it deems it not to be secure. What are you doing with the string after you have run it through xss_clean?
Reply
#3

(08-27-2020, 12:36 PM)jreklund Wrote: xss_clean is supposed to remove invalid data if it deems it not to be secure. What are you doing with the string after you have run it through xss_clean?
Hi, thanks for the reply.

After applying xss_clean(), I am storing the data in the database.
Reply
#4

XSS protection is only supposed to be done on output (rendering), not on input (saving to the database).
Filtering, on the other hand, should be done on input, checking that you are only accepting numbers etc. from the user.

And on output, you are showing it as is? What are you doing with that <range> field?
Reply
#5

(08-28-2020, 09:12 AM)jreklund Wrote: XSS protection is only supposed to be done on output (rendering), not on input (saving to the database).
Filtering, on the other hand, should be done on input, checking that you are only accepting numbers etc. from the user.

And on output, you are showing it as is? What are you doing with that <range> field?
It is just a simple value for one of the fields.
What I want to achieve is that whatever I have entered on the UI, like

 '<value_range>Test</value_range>'

should stay exactly the same, but because of xss_clean() my values are getting altered.
Reply
#6

Solution: Don't use xss_clean on input.
Reply
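The pattern recommended in posts #4 and #6 (validate the shape of the input, store it unchanged, escape it only when rendering) written out as a small added example. This is not code from the thread or from CodeIgniter; it is plain PHP so it runs on its own, and the element name <value_range>, the allowed character set inside it and the sample inputs are assumptions made for the example.

```php
<?php
// Added example, not from the forum thread or the CodeIgniter framework.
// Input side: validate, never rewrite. Output side: escape for the context.

declare(strict_types=1);

// Input-side filtering (the "filtering" post #4 describes): accept only the
// shape we expect and return the value untouched, or reject it outright.
// The element name and the allowed characters are assumptions for this example.
function validate_value_range(string $input): ?string
{
    $pattern = '#^<value_range>([A-Za-z0-9 .\-]{1,64})</value_range>$#';
    if (preg_match($pattern, $input) !== 1) {
        return null; // reject: unexpected markup, characters or length
    }
    return $input; // accepted: stored exactly as the user entered it
}

// Output-side escaping for an HTML text node. The stored string is shown
// literally; its angle brackets cannot start an element in the page.
function render_as_text(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Output-side escaping when the same value is echoed back into a form field.
// ENT_QUOTES is what makes this safe inside a double-quoted attribute.
function render_in_attribute(string $stored): string
{
    return '<input type="text" name="value_range" value="'
        . htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '">';
}

// Constructed sample inputs: the value from the thread and a malformed one.
$accepted = validate_value_range('<value_range>Test</value_range>');
$rejected = validate_value_range('<value_range>Test</value_range><b>extra</b>');

var_dump($accepted);  // the original string, unaltered
var_dump($rejected);  // NULL: extra markup does not match the allow-list

if ($accepted !== null) {
    // What would be stored in the database: $accepted, as-is.
    // What would be sent to the browser, per context:
    echo render_as_text($accepted), PHP_EOL;
    echo render_in_attribute($accepted), PHP_EOL;
}
```

The two halves are deliberately separate: validation decides whether the value is acceptable and never changes it, so the database holds what the user typed; escaping happens at the point of rendering and depends on where the value lands (text node versus attribute), which is why it cannot be done correctly once at input time. Rendering the stored value with a helper like this replaces the xss_clean() call that was altering the data.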