How to use global_xss_filter ??? - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21) +--- Thread: How to use global_xss_filter ??? (/showthread.php?tid=24281) Pages:
1
2
|
How to use global_xss_filter ??? - El Forum - 11-05-2009 [eluser]Buso[/eluser] I have it set to TRUE but it doesn't seem to do anything How does it work?? I want it to prevent users from injecting html tags like <javascript> some hacks </javascript>, or anything of the sort. I am sending a form with a message with some html tags, the controller makes the validation (without the xss_clean option, since i wanna test the global_xss_filter option), then it is saved in the DB with active record. First I was using this: Code: public function postComment() { then I tried this: Code: public function postComment() { But the xss global filter still doesn't work. What should I do? How to use global_xss_filter ??? - El Forum - 11-05-2009 [eluser]Thorpe Obazee[/eluser] what happens when you use Code: $this->input->xss_clean() How to use global_xss_filter ??? - El Forum - 11-05-2009 [eluser]iFadey[/eluser] This is what he's saying. He don't want to use Code: $this->input->xss_clean(); He wants to use global xss filter which can be enabled from config.php file. So the problem is his global xss filter is not working. How to use global_xss_filter ??? - El Forum - 11-05-2009 [eluser]überfuzz[/eluser] Not that I wanna treat you like a noob, but have you updated the config file on your server? How to use global_xss_filter ??? - El Forum - 11-05-2009 [eluser]Buso[/eluser] [quote author="überfuzz" date="1257432061"]Not that I wanna treat you like a noob, but have you updated the config file on your server?[/quote] no problem yes.. Im trying to make it work in my test server (here in my own pc), so no need to update anything. edit: now i noticed that xss_clean(), and the local xss_clean option aren't working either, what should I do? Something is messed up =SSSS How to use global_xss_filter ??? - El Forum - 11-05-2009 [eluser]bigtony[/eluser] I've always found the global filter works for me (it replaces naughty html tags with [removed]). What happens for you? How to use global_xss_filter ??? - El Forum - 11-05-2009 [eluser]Thorpe Obazee[/eluser] [quote author="iFadey" date="1257431813"]This is what he's saying. He don't want to use Code: $this->input->xss_clean(); He wants to use global xss filter which can be enabled from config.php file. So the problem is his global xss filter is not working.[/quote] I never said that he should stick with it. I wanted to know if it worked. Or wasn't that clear when I asked, "what happens when you use $this->input->xss_clean()"? How to use global_xss_filter ??? - El Forum - 11-05-2009 [eluser]iFadey[/eluser] Oops! I am sorry :red: How to use global_xss_filter ??? - El Forum - 11-05-2009 [eluser]Buso[/eluser] this is killing me, i can't get any of the xss filtering options to work. Any ideas?? this is how i configure the rules in the form_validation.php file 'rules' => 'required|max_length[1000]|xss_clean' the 'required' rule is working, so what's wrong with the clean? >_> How to use global_xss_filter ??? - El Forum - 11-05-2009 [eluser]überfuzz[/eluser] Are you sure that form_validation handles xss cleaning..? Read the user_guide. |