+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
+--- Thread: How to use global_xss_filter ??? (/showthread.php?tid=24281)
Pages:
1
2
How to use global_xss_filter ??? - El Forum - 11-05-2009
[eluser]Buso[/eluser]
I have it set to TRUE but it doesn't seem to do anything
How does it work??
I want it to prevent users from injecting html tags like <javascript> some hacks </javascript>, or anything of the sort.
I am sending a form with a message with some html tags, the controller makes the validation (without the xss_clean option, since i wanna test the global_xss_filter option), then it is saved in the DB with active record. First I was using this:
Code:
public function postComment() {
$this->db->insert('comments',$_POST);
}then I tried this:
Code:
public function postComment() {
$comment = array('date' => time(),
'username' => $this->input->post('username'),
'title' => $this->input->post('title'),
'email' => $this->input->post('email'),
'body' => $this->input->post('body'));
$this->db->insert('comments',$comment);
}But the xss global filter still doesn't work.
What should I do?
How to use global_xss_filter ??? - El Forum - 11-05-2009
[eluser]Thorpe Obazee[/eluser]
what happens when you use
Code:
$this->input->xss_clean()How to use global_xss_filter ??? - El Forum - 11-05-2009
[eluser]iFadey[/eluser]
This is what he's saying. He don't want to use
Code:
$this->input->xss_clean();He wants to use global xss filter which can be enabled from config.php file. So the problem is his global xss filter is not working.
How to use global_xss_filter ??? - El Forum - 11-05-2009
[eluser]überfuzz[/eluser]
Not that I wanna treat you like a noob, but have you updated the config file on your server?
How to use global_xss_filter ??? - El Forum - 11-05-2009
[eluser]Buso[/eluser]
[quote author="überfuzz" date="1257432061"]Not that I wanna treat you like a noob, but have you updated the config file on your server?[/quote]
no problem
yes.. Im trying to make it work in my test server (here in my own pc), so no need to update anything.
edit: now i noticed that xss_clean(), and the local xss_clean option aren't working either, what should I do? Something is messed up =SSSS
How to use global_xss_filter ??? - El Forum - 11-05-2009
[eluser]bigtony[/eluser]
I've always found the global filter works for me (it replaces naughty html tags with [removed]).
What happens for you?
How to use global_xss_filter ??? - El Forum - 11-05-2009
[eluser]Thorpe Obazee[/eluser]
[quote author="iFadey" date="1257431813"]This is what he's saying. He don't want to use
Code:
$this->input->xss_clean();He wants to use global xss filter which can be enabled from config.php file. So the problem is his global xss filter is not working.[/quote]
I never said that he should stick with it. I wanted to know if it worked. Or wasn't that clear when I asked, "what happens when you use $this->input->xss_clean()"?
How to use global_xss_filter ??? - El Forum - 11-05-2009
[eluser]iFadey[/eluser]
Oops! I am sorry :red:
How to use global_xss_filter ??? - El Forum - 11-05-2009
[eluser]Buso[/eluser]
this is killing me, i can't get any of the xss filtering options to work.
Any ideas??
this is how i configure the rules in the form_validation.php file
'rules' => 'required|max_length[1000]|xss_clean'
the 'required' rule is working, so what's wrong with the clean?
>_>
How to use global_xss_filter ??? - El Forum - 11-05-2009
[eluser]überfuzz[/eluser]
Are you sure that form_validation handles xss cleaning..? Read the user_guide.