exclude one field from xss filtering - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21) +--- Thread: exclude one field from xss filtering (/showthread.php?tid=37185) |
exclude one field from xss filtering - El Forum - 12-31-2010 [eluser]Arun Joshi[/eluser] Hi, I have enabled $config['global_xss_filtering'] to TRUE in config file. Now its working fine. But in one form, I dont want this filtering. How to exclude this field from xss filtering? -Arun exclude one field from xss filtering - El Forum - 12-31-2010 [eluser]Madmartigan1[/eluser] I may be wrong about this (I hope I am), but to put it simply: You can't. I ran into this recently. Your best bet is to disable it globally. You might be able to come up with a pre-system hook for this, but that's the only other option I think could possibly work. The filter runs too early in CI execution for you to do anything about it in your controller. Update - see here: http://stackoverflow.com/questions/3788476/codeigniter-disable-xss-filtering-on-a-post-basis exclude one field from xss filtering - El Forum - 12-31-2010 [eluser]Arun Joshi[/eluser] Hi, Actually I want disable the xss filtering for my html editor field. If I turned it on, the tags are breaking. Is there anyway to resolve this problem? -Arun exclude one field from xss filtering - El Forum - 12-31-2010 [eluser]michalsn[/eluser] Maybe something like this: Code: $this->config->set_item('global_xss_filtering', FALSE); exclude one field from xss filtering - El Forum - 12-31-2010 [eluser]Madmartigan1[/eluser] [quote author="michalsn" date="1293849095"]Maybe something like this: Code: $this->config->set_item('global_xss_filtering', FALSE); The input class has already filtered the data by the time you set the config item, so this will not work. Please read the link I posted, it offers a good solution other than the one I already suggested. |