CodeIgniter Forums
exclude one field from xss filtering - Printable Version




exclude one field from xss filtering - El Forum - 12-31-2010

[eluser]Arun Joshi[/eluser]
Hi,

I have set $config['global_xss_filtering'] to TRUE in the config file. Now it's working fine. But in one form, I don't want this filtering.

How can I exclude this field from XSS filtering?

-Arun


exclude one field from xss filtering - El Forum - 12-31-2010

[eluser]Madmartigan1[/eluser]
I may be wrong about this (I hope I am), but to put it simply:

You can't.

I ran into this recently. Your best bet is to disable it globally.
You might be able to come up with a pre-system hook for this, but that's the only other option I think could possibly work. The filter runs too early in CI execution for you to do anything about it in your controller.

Update - see here:

http://stackoverflow.com/questions/3788476/codeigniter-disable-xss-filtering-on-a-post-basis


exclude one field from xss filtering - El Forum - 12-31-2010

[eluser]Arun Joshi[/eluser]
Hi,

Actually, I want to disable the XSS filtering for my HTML editor field. If I turn it on, the tags break. Is there any way to resolve this problem?

-Arun


exclude one field from xss filtering - El Forum - 12-31-2010

[eluser]michalsn[/eluser]
Maybe something like this:
Code:
$this->config->set_item('global_xss_filtering', FALSE);
And then set manual XSS rules for the form fields you want. After form processing you can set global_xss_filtering to TRUE again.


exclude one field from xss filtering - El Forum - 12-31-2010

[eluser]Madmartigan1[/eluser]
[quote author="michalsn" date="1293849095"]Maybe something like this:
Code:
$this->config->set_item('global_xss_filtering', FALSE);
And then set manual XSS rules for the form fields you want. After form processing you can set global_xss_filtering to TRUE again.[/quote]

The input class has already filtered the data by the time you set the config item, so this will not work. Please read the link I posted; it offers a good solution other than the one I already suggested.
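
Added example, not part of the original thread or of CodeIgniter's own code: with the global filter switched off in the config file, each field is filtered individually and the HTML editor field goes through an allowlist sanitizer instead of being stored raw. It assumes CodeIgniter 2.x class names and HTML Purifier unpacked under application/third_party/; the controller, field and table names are hypothetical.

```php
<?php
// application/config/config.php (assumed change): the global filter is applied
// inside the Input class before any controller code runs, so it is disabled here
// rather than toggled at runtime.
//     $config['global_xss_filtering'] = FALSE;

// application/controllers/article.php: hypothetical controller and field names.
// Assumed install path for HTML Purifier:
require_once APPPATH . 'third_party/htmlpurifier/library/HTMLPurifier.auto.php';

class Article extends CI_Controller
{
    public function save()
    {
        // Plain-text fields: the second argument requests xss_clean for that field only.
        $title  = $this->input->post('title', TRUE);
        $author = $this->input->post('author', TRUE);

        // HTML editor field: read it unfiltered so the editor's tags survive.
        $raw_body = $this->input->post('body');
        if ($title === FALSE || $raw_body === FALSE) {
            show_error('Missing form field', 400);
        }

        // Reduce the editor HTML to an explicit allowlist of tags and attributes.
        // Anything not listed (script, iframe, on* handlers, style) is dropped.
        $cfg = HTMLPurifier_Config::createDefault();
        $cfg->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,blockquote,a[href]');
        $cfg->set('URI.AllowedSchemes', array('http' => true, 'https' => true));
        $cfg->set('Cache.DefinitionImpl', null); // skip the on-disk definition cache
        $purifier = new HTMLPurifier($cfg);
        $body = $purifier->purify($raw_body);

        // Active Record escapes the values; only the purified HTML is stored.
        $this->load->database();
        $this->db->insert('articles', array(
            'title'  => $title,
            'author' => $author,
            'body'   => $body,
        ));
        $this->output->set_output('saved');
    }
}
```

With the global setting off, every other controller that reads request data has to pass TRUE (or otherwise encode on output) for its own fields, since nothing is filtered by default any more.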