What exactly does xss_clean filter? - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: What exactly does xss_clean filter? (/showthread.php?tid=43373) |
What exactly does xss_clean filter? - El Forum - 07-09-2011 [eluser]gunnarflax[/eluser] If I should have javascript in a textarea which I submit looking like this: Code: [removed] What of this would be removed? I mean, if I filter blog entries does it remove potential javascripts which are of no threat and what about object-elements? What exactly does xss_clean filter? - El Forum - 07-09-2011 [eluser]gunnarflax[/eluser] Ok I guess that the script tag got removed. But then I have a problem. I have set a rule for form validation like this: Code: 'required|xss_clean' but later when I try to get it with: Code: $this->input->post('input'); I still get the script tag in the database. What use is there to have xss_clean in a rule if I must set the second parameter in the method post to TRUE anyway? Code: $this->input->post('input', TRUE); What exactly does xss_clean filter? - El Forum - 07-09-2011 [eluser]gunnarflax[/eluser] Ok, nevermind it, I just had a bug in my code, it does get clean by setting the rule |