CodeIgniter Forums
XSS_CLEAN Truncates Data - Printable Version

+- CodeIgniter Forums (
+-- Forum: Development (
+--- Forum: Issues (
+--- Thread: XSS_CLEAN Truncates Data (/thread-72130.html)

XSS_CLEAN Truncates Data - mikeh5522 - 11-09-2018

We have a user out in the internet posting data to our API written in CI 3.1.9.  The data is in this format:

ID=<some id>&KEY=<some key>&DATA=<very long json data>

In our controller we use:

$id = $this->input->post('id', true);
$key = $this->input->post('key/, true);
$data = $this->input->post('data', true);

After days of trying to figure out why we're not getting this JSON data, I figured out that for some reason XSS_CLEAN would completely erase the JSON data to empty.  I can re-produce this problem with $this->input->input_stream('data', true) or $this->security->xss_clean($data)

Not sure if this is bug or it breaks because JSON data is too long (2000 records of name,address,city,state,zip) ..

RE: XSS_CLEAN Truncates Data - jreklund - 11-09-2018

XSS filtering should never be used on input, but on output. Codeigniter have DEPRECATED global_xss_filtering and you should delete those too. You should however validate your data and apply XSS measures on output instead.