Is codeigniter vulnerable to XSS attacks through input->user_agent()?
CodeIgniter Forums (https://forum.codeigniter.com), Archived General Discussion, thread /showthread.php?tid=27562
Is codeigniter vulnerable to XSS attacks through input->user_agent()? - El Forum - 02-14-2010

ChiefChirpa

According to http://seclists.org/fulldisclosure/2009/Jul/422 :

Quote: $CI->input->user_agent() fails to check the validity of user-agent type.

Is this correct? Because the session class, tank_auth, etc. all call $CI->input->user_agent(), without running it through input->xss_clean()...

The method in question (from 1.72):

Code:
function user_agent()

It seems correct to me...
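
As an added illustration (not part of the original post and not CodeIgniter's code): the User-Agent header is client-supplied, so a value that is stored unfiltered has to be encoded wherever it is later written into HTML. The function names and the sample headers below are constructed for this example.

```php
<?php
// Added illustration, not CodeIgniter source. All function names are hypothetical.

// Assumption: stands in for any accessor that returns the User-Agent
// request header exactly as the client sent it, or false when absent.
function raw_user_agent(array $server)
{
    return isset($server['HTTP_USER_AGENT']) ? $server['HTTP_USER_AGENT'] : false;
}

// Storage side: keep the value unescaped, but drop control characters and
// bound its length so database rows and log lines stay well-formed.
function normalise_for_storage($ua, $max = 120)
{
    if ($ua === false) {
        return '';
    }
    $ua = preg_replace('/[\x00-\x1F\x7F]/', '', $ua);
    return substr($ua, 0, $max);
}

// Output side: encode for the HTML context at the moment of rendering.
// ENT_SUBSTITUTE keeps the row visible even if truncation split a
// multi-byte character and left invalid UTF-8 behind.
function render_session_row($session_id, $stored_ua)
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<tr><td>' . htmlspecialchars($session_id, $flags, 'UTF-8') . '</td><td>'
         . htmlspecialchars($stored_ua, $flags, 'UTF-8') . '</td></tr>';
}

// Constructed sample requests: an ordinary browser, a header carrying
// markup, and a request with no User-Agent header at all.
$requests = array(
    array('HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0'),
    array('HTTP_USER_AGENT' => '<script>alert(1)</script>'),
    array(),
);

foreach ($requests as $i => $server) {
    $stored = normalise_for_storage(raw_user_agent($server));
    echo render_session_row('sess-' . $i, $stored), "\n";
}
```

Comparing the stored string does not need any filtering; the encoding step matters only at the point where the value is echoed into a page, such as an admin view of active sessions.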