CodeIgniter Forums
xss clean issue - Printable Version

+--- Thread: xss clean issue (/showthread.php?tid=70262)

xss clean issue - michaelv - 03-15-2018

CI 3.1.5
I have an issue with form validation + xss_clean.
The input string is: route val de soane

->set_rules('adresse', 'Adresse', 'required|xss_clean|trim|max_length[255]')...

>route val de soane

>routeval de soane

The xss_clean feature removes the space between route & val.

Any way to avoid this?

system/core/Security.php line 448: if I remove 'eval' from the $words array, no problem.

RE: xss clean issue - jreklund - 03-15-2018

You shouldn't use xss_clean on input. You should filter the data if you expect only letters.

Use html_escape on output instead.

RE: xss clean issue - dave friend - 03-16-2018

The rule 'xss_clean' was removed from CI at version 3.0.0. Read this

RE: xss clean issue - michaelv - 03-16-2018

I still have the global XSS protection activated.

RE: xss clean issue - dave friend - 03-16-2018

Visit the links provided to see why that's not recommended.
Also, read this

In short, don't use the global xss clean.

An in-depth and technically dense discussion on XSS prevention can be found HERE
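
Added example (not part of the thread and not CodeIgniter's own code): a standalone PHP sketch that models the keyword-compaction behaviour reported in the first post, next to the output escaping recommended in the replies. The function names and sample inputs are constructed for illustration, and `escape_for_html()` is a stand-in for CI's `html_escape()`.

```php
<?php
// Simplified model of a blacklist filter that re-joins "exploded" keywords.
// Assumption: this only imitates the behaviour described in the thread; it is
// not a copy of system/core/Security.php.

/** Collapse whitespace inside blacklisted words when a non-word char follows. */
function compact_exploded_words(string $str, array $words): string
{
    foreach ($words as $word) {
        // 'eval' becomes the pattern e\s*v\s*a\s*l
        $pattern = implode('\s*', array_map('preg_quote', str_split($word)));
        $str = preg_replace_callback(
            '#(' . $pattern . ')(\W)#is',
            static function (array $m): string {
                // Drop the whitespace inside the matched "word", keep the trailing char.
                return preg_replace('/\s+/s', '', $m[1]) . $m[2];
            },
            $str
        );
    }
    return $str;
}

/** Output-side escaping: store the raw value, encode it when rendering HTML. */
function escape_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs: the address from the thread and a value with markup.
$inputs = array(
    'route val de soane',
    '<script>alert(1)</script>',
);

foreach ($inputs as $raw) {
    // The input-side filter alters legitimate data ("e val" matches e\s*v\s*a\s*l).
    printf("raw      : %s\n", $raw);
    printf("filtered : %s\n", compact_exploded_words($raw, array('eval')));
    // Escaping at output leaves the stored value intact and renders markup inert.
    printf("escaped  : %s\n\n", escape_for_html($raw));
}
```

The address is changed by the input-side filter because the trailing "e" of "route" followed by " val" matches the spaced-out keyword pattern, while escaping at output time leaves the stored address untouched and encodes the markup characters in the second value.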