CodeIgniter Forums
[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - Printable Version




[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - El Forum - 06-17-2009

[eluser]bobbob[/eluser]
I am getting some news feeds and filtering before entering into the database.
As a result when I echo out the contents the comments display in the text as <!--Some comment: coments --> for example. I am sure xss_clean() is doing this.
Is there a fix so they are removed or stay as tags in the database?
Thanks


[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - El Forum - 06-17-2009

[eluser]Thorpe Obazee[/eluser]
I am not sure about this but I believe the form helper form_prep is the one doing the conversion.

One way to do it is to avoid the form helpers.


[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - El Forum - 06-17-2009

[eluser]bobbob[/eluser]
If I drop using xss_clean() is there a way of avoiding writing some equivalent function which just doesn't turn comments into entities? Reg expressions are not my fave.


[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - El Forum - 06-17-2009

[eluser]Thorpe Obazee[/eluser]
[quote author="bobbob" date="1245320263"]If I drop using xss_clean() is there a way of avoiding writing some equivalent function which just doesn't turn comments into entities? Reg expressions are not my fave.[/quote]

Did you read my post above?


[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - El Forum - 06-17-2009

[eluser]bobbob[/eluser]
I thought I had but it has been a long day.
So without the helpers is there a simple way?


[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - El Forum - 06-17-2009

[eluser]bobbob[/eluser]
So I solved this myself I think.
It has not been widely tested but seems to make sense.

Code:
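<?php
// Remove backslash escaping from the stored text.
$body = stripslashes($body);
// Turn the entity-encoded comment delimiters back into real HTML comment tags.
$body = str_replace('&lt;!--', '<!--', $body);
$body = str_replace('--&gt;', '-->', $body);

echo $body;
?>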
That would be & l t ; ! - - and - - & g t ; without the spaces as that function is being done on my post too!
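
A stricter take on the replacement in the last post, as an added example that is not part of the original thread: it converts the escaped delimiters only as a matched pair, leaves them escaped when the comment body contains raw markup characters, and can remove the comment instead of restoring it. The helper name `handle_escaped_comments()` and the sample strings are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. handle_escaped_comments() is a
// hypothetical helper; it assumes the filter output uses exactly the
// entity forms &lt;!-- and --&gt; described in the post above.
function handle_escaped_comments(string $body, bool $strip = false): string
{
    // Match opener and nearest closer as one unit so a stray "&lt;!--"
    // or "--&gt;" is never converted on its own.
    $result = preg_replace_callback(
        '/&lt;!--(.*?)--&gt;/s',
        function (array $m) use ($strip): string {
            $inner = $m[1];
            // Keep the pair escaped when the body has raw markup characters
            // or a "--" run, which could end the comment early once restored.
            if (strpbrk($inner, '<>') !== false || strpos($inner, '--') !== false) {
                return $m[0];
            }
            return $strip ? '' : '<!--' . $inner . '-->';
        },
        $body
    );
    // preg_replace_callback() returns null on a PCRE error; fall back to
    // the untouched (still escaped) input in that case.
    return $result === null ? $body : $result;
}

// Constructed sample inputs.
$samples = [
    'Lead &lt;!--Some comment: feed id 12 --&gt; story text',
    'Unpaired opener &lt;!-- with no closer',
    'Body with markup &lt;!-- a <b>tag</b> --&gt; after',
];
foreach ($samples as $s) {
    echo handle_escaped_comments($s), "\n";       // restore mode
    echo handle_escaped_comments($s, true), "\n"; // strip mode
}
```

Only the first sample is changed in either mode; the unpaired opener and the comment containing a tag stay entity-encoded.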