+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: XSS filtering and the manual.. (/showthread.php?tid=28552)
XSS filtering and the manual.. - El Forum - 03-14-2010
[eluser]Ramania[/eluser]
Quote:CodeIgniter comes with a Cross Site Scripting Hack prevention filter which can either run automatically to filter all POST and COOKIE data that is encountered, or you can run it on a per item basis. By default it does not run globally since it requires a bit of processing overhead, and since you may not need it in all cases.
i wasted more than two hours of my life trying to figure out the problem with my jQuery code, because i believed the manual and didn't even bother to look into the config file.. please fix this .. XSS filtering DOES RUN globally by default
.
XSS filtering and the manual.. - El Forum - 03-15-2010
[eluser]Benito[/eluser]
From INPUT CLASS docs:
Quote:CodeIgniter comes with a Cross Site Scripting Hack prevention filter which can either run automatically to filter all POST and COOKIE data that is encountered, or you can run it on a per item basis. By default it does not run globally since it requires a bit of processing overhead, and since you may not need it in all cases.
I think there is a saying, which says: Its not the water's fault that the fish can't swim
XSS filtering and the manual.. - El Forum - 03-15-2010
[eluser]danmontgomery[/eluser]
Defaults to false...
Code:
$config['global_xss_filtering'] = FALSE;