CodeIgniter Forums
What exactly does xss_clean filter? - Printable Version




What exactly does xss_clean filter? - El Forum - 07-09-2011

gunnarflax
If I should have javascript in a textarea which I submit looking like this:

Code:
[removed]

Alert('Oh NO!');

[removed]

What of this would be removed? I mean, if I filter blog entries does it remove potential javascripts which are of no threat and what about object-elements?


What exactly does xss_clean filter? - El Forum - 07-09-2011

gunnarflax
Ok I guess that the script tag got removed. But then I have a problem. I have set a rule for form validation like this:
Code:
'required|xss_clean'

but later when I try to get it with:
Code:
$this->input->post('input');

I still get the script tag in the database. What use is there to have xss_clean in a rule if I must set the second parameter in the method post to TRUE anyway?
Code:
$this->input->post('input', TRUE);



What exactly does xss_clean filter? - El Forum - 07-09-2011

gunnarflax
Ok, never mind it, I just had a bug in my code, it does get clean by setting the rule :)