xss_clean and GET - CodeIgniter Forums (https://forum.codeigniter.com) - Thread: xss_clean and GET (/showthread.php?tid=3342)
xss_clean and GET - El Forum - 09-25-2007

charlieD:

Does anyone know what xss_clean (whether invoked automatically or directly) actually does? I.e. what kinds of tests does it run?

Also, for the site I'm developing at the moment I've had to enable GET params. Does CodeIgniter automatically run xss_clean on these or should I make that implicit? I know it does some checking for invalid characters on the query string, but is this the full xss_clean check?

xss_clean and GET - El Forum - 09-25-2007

nmweb:

It's kind of lengthy but here you go. It removes all sorts of stuff that could indicate an XSS attack. It's not run automatically by default although it could be configured to do so somewhere in the config files.

Code:
* Remove Null Characters