CodeIgniter Forums
Excluding a variable from the XSS filter?



Excluding a variable from the XSS filter? - El Forum - 08-12-2008

EEssam
Hi,

I have the global XSS filter enabled and now I'm coding the web-based template editor, so there will be <script>, etc. tags.

How can I exclude a variable named $blablabla from being filtered?

Please help.


Excluding a variable from the XSS filter? - El Forum - 08-12-2008

EEssam
No solution!? :|


Excluding a variable from the XSS filter? - El Forum - 08-21-2008

gungbao
See also the discussion here - http://ellislab.com/forums/viewthread/83358/

I understand it this way: you want to globally set

Code:
$config['global_xss_filtering'] = TRUE;

but only for a particular controller-action, you want to set

Code:
$config['global_xss_filtering'] = FALSE;
and do it on an item-based logic as described here

http://ellislab.com/codeigniter/user-guide/libraries/input.html


My first idea is a little hack: make a pre_system hook as described here.
http://ellislab.com/codeigniter/user-guide/general/hooks.html

In the hook you parse the request-uri to check for the controller/action you want to disable global xss-filtering - since CI does not provide a nice & simple access to the chosen controller/action in that state of the script.

Once you have done that, you can globalize the $config['global_xss_filtering'] in the hook and switch it off.


Excluding a variable from the XSS filter? - El Forum - 09-07-2008

EEssam
Hi,

I tried what you said but it didn't work :(

My hooks/config.php:

$hook['pre_system'] = array(
    'class'    => '',
    'function' => 'myinit',
    'filename' => 'init.php',
    'filepath' => 'hooks',
    'params'   => array('beer', 'wine', 'snacks')
);

My init.php file:

<?php

function myinit()
{
    $config['global_xss_filtering'] = FALSE;
}

?>

I enabled hooks as well from config.php file. It has no effect at all.

Please help.
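
One way to make the pre_system hook discussed in this thread take effect, as an added example that is not code from any poster or from CodeIgniter itself: inside myinit() an assignment to $config only creates a function-local variable, so this version changes the value on the shared Config object instead, and only for an exact allowlisted request. It assumes the CodeIgniter 1.x bootstrap order (the Config object already exists when pre_system fires, and the Input class reads the setting from it afterwards); the path /admin/templates/save and the helper names xss_exempt_paths and is_xss_exempt are hypothetical.

```php
<?php
// hooks/init.php -- added example, not code from the thread.
// Assumption: CodeIgniter 1.x, where load_class('Config') returns the one
// shared CI_Config instance that the Input class consults later on.

// Exact paths whose POST body may carry raw template markup (hypothetical).
function xss_exempt_paths()
{
    return array('/admin/templates/save');
}

// Pure decision function: TRUE only for a POST to an exact exempt path.
// Anything unexpected (encoded variants, extra segments, "..") does not
// match, so the global filter stays on for it.
function is_xss_exempt($method, $request_uri)
{
    list($path) = explode('?', $request_uri, 2);        // drop query string
    $path = preg_replace('#^/index\.php#', '', $path);  // drop front controller
    $path = rtrim($path, '/');

    return $method === 'POST'
        && in_array($path, xss_exempt_paths(), TRUE);
}

// Hook entry point named in $hook['pre_system']['function'].
function myinit()
{
    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    $uri    = isset($_SERVER['REQUEST_URI'])    ? $_SERVER['REQUEST_URI']    : '';

    if (is_xss_exempt($method, $uri)) {
        // Writing $config['global_xss_filtering'] = FALSE here would only
        // set a local variable; change the value on the Config object.
        $CFG =& load_class('Config');
        $CFG->set_item('global_xss_filtering', FALSE);
    }
}
```

Switching the filter off this way applies to every field of the matching request, so the controller still has to clean the other inputs per item, for example with $this->input->post('title', TRUE), and leave only the template body raw.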