[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: [SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser (/showthread.php?tid=19753) |
[SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - El Forum - 06-17-2009 [eluser]bobbob[/eluser] I am getting some news feeds and filtering before entering into the database. As a result when I echo out the contents the comments display in the text as <!--Some comment: coments --> for example. I am sure xss_clean() is doing this. Is there a fix so they are removed or stay as tags in the database? Thanks [SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - El Forum - 06-17-2009 [eluser]Thorpe Obazee[/eluser] I am not sure about this but I believe the form helper form_prep is the one doing the conversion. One way to do it is to avoid the form helpers. [SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - El Forum - 06-17-2009 [eluser]bobbob[/eluser] If i drop using xss_clean() is there a way of avoiding writing some equivalent function which just doesn't turn comments into entities? Reg expressions are not my fave. [SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - El Forum - 06-17-2009 [eluser]Thorpe Obazee[/eluser] [quote author="bobbob" date="1245320263"]If i drop using xss_clean() is there a way of avoiding writing some equivalent function which just doesn't turn comments into entities? Reg expressions are not my fave.[/quote] Did you read my post above? [SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - El Forum - 06-17-2009 [eluser]bobbob[/eluser] I thought I had but it has been a long day. So without the helpers is there a simple way? [SOLVED]How can I stop xss_clean from turning Html comment tags into entities thus displaying in the browser - El Forum - 06-17-2009 [eluser]bobbob[/eluser] So I solved this myself I think. It has not been widely tested but seems to make sense. Code: <?php |