CodeIgniter Forums
XSS_CLEAN Truncates Data - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Development (https://forum.codeigniter.com/forum-6.html)
+--- Forum: Issues (https://forum.codeigniter.com/forum-19.html)
+--- Thread: XSS_CLEAN Truncates Data (/thread-72130.html)



XSS_CLEAN Truncates Data - mikeh5522 - 11-09-2018

We have a user out in the internet posting data to our API written in CI 3.1.9.  The data is in this format:

ID=<some id>&KEY=<some key>&DATA=<very long json data>

In our controller we use:

$id = $this->input->post('id', true);
$key = $this->input->post('key/, true);
$data = $this->input->post('data', true);

After days of trying to figure out why we're not getting this JSON data, I figured out that for some reason XSS_CLEAN would completely erase the JSON data to empty.  I can re-produce this problem with $this->input->input_stream('data', true) or $this->security->xss_clean($data)

Not sure if this is bug or it breaks because JSON data is too long (2000 records of name,address,city,state,zip) ..


RE: XSS_CLEAN Truncates Data - jreklund - 11-09-2018

XSS filtering should never be used on input, but on output. Codeigniter have DEPRECATED global_xss_filtering and you should delete those too. You should however validate your data and apply XSS measures on output instead.

https://www.codeigniter.com/user_guide/libraries/input.html#xss-filtering
https://www.codeigniter.com/user_guide/general/security.html#xss-filtering
https://www.codeigniter.com/user_guide/libraries/security.html#xss-filtering

http://php.net/manual/en/book.filter.php