CodeIgniter Forums
A doubt about Xss filter - Printable Version




A doubt about Xss filter - El Forum - 06-14-2013

[eluser]satie[/eluser]
If I set xss filtering:

Code:
$config['global_xss_filtering'] = TRUE;

Could I avoid this?
Code:
if ($this->security->xss_clean($file, TRUE) === FALSE) {
...
}

or this?

Code:
$this->security->xss_clean($file, TRUE) === FALSE

or
Code:
$filename = $this->security->sanitize_filename($this->input->post('filename'));



A doubt about Xss filter - El Forum - 06-14-2013

[eluser]jairoh_[/eluser]
It's what the user guide says. Then yes.


A doubt about Xss filter - El Forum - 06-14-2013

[eluser]Alucemet[/eluser]
You really do not want to enable global xss filtering. There are many times when your input variables will be better validated as an integer or something that is less expensive than xss_clean().

If you have a low traffic site then it's probably not that bad, and in that case go for it.
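
Added example, not part of the original posts and not CodeIgniter's own code: a CodeIgniter 2.x controller method, with `global_xss_filtering` left at FALSE, that validates each POST field by its expected type as the post above suggests and applies `xss_clean()` only to the one free-text field. The controller name `Attachments`, the field names `doc_id` and `comment`, and the JSON reply are assumptions.

```php
<?php
// Hypothetical controller: application/controllers/attachments.php
// Assumes CodeIgniter 2.x and $config['global_xss_filtering'] = FALSE;
class Attachments extends CI_Controller {

    public function rename()
    {
        // 1. Numeric id: a strict integer check is cheaper than xss_clean()
        //    and rejects anything that is not a positive integer.
        //    A missing field (post() returns FALSE) also fails here.
        $doc_id = filter_var(
            $this->input->post('doc_id'),
            FILTER_VALIDATE_INT,
            array('options' => array('min_range' => 1))
        );
        if ($doc_id === FALSE) {
            show_error('Invalid document id', 400); // show_error() stops execution
        }

        // 2. File name: sanitize_filename() strips directory-traversal
        //    sequences and other unsafe characters. It is a separate call;
        //    the XSS filter setting does not invoke it.
        $filename = $this->security->sanitize_filename(
            (string) $this->input->post('filename')
        );
        if ($filename === '') {
            show_error('Invalid file name', 400);
        }

        // 3. Free text: the second argument TRUE runs xss_clean() on this
        //    field only, so the cost is paid where markup could appear.
        $comment = (string) $this->input->post('comment', TRUE);

        // json_encode() handles escaping for the JSON context of the reply.
        $this->output
            ->set_content_type('application/json')
            ->set_output(json_encode(array(
                'doc_id'   => $doc_id,
                'filename' => $filename,
                'comment'  => $comment,
            )));
    }
}
```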


A doubt about Xss filter - El Forum - 06-17-2013

[eluser]satie[/eluser]
Ok, thanks jairoh_ and Alucemet.

Yes, I'm developing a site that should have high traffic. So, I prefer to use as much as possible all CI security libraries with my own.
Thanks for your answer.