XSS_CLEAN Truncates Data - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Development (https://forum.codeigniter.com/forumdisplay.php?fid=6)
+--- Forum: Issues (https://forum.codeigniter.com/forumdisplay.php?fid=19)
+--- Thread: XSS_CLEAN Truncates Data (/showthread.php?tid=72130)
XSS_CLEAN Truncates Data - mikeh5522 - 11-09-2018

We have a user out on the internet posting data to our API written in CI 3.1.9. The data is in this format:

```
ID=<some id>&KEY=<some key>&DATA=<very long json data>
```

In our controller we use:

```php
// The second argument (true) runs each value through xss_clean
$id = $this->input->post('id', true);
$key = $this->input->post('key', true);
$data = $this->input->post('data', true);
```

After days of trying to figure out why we're not getting this JSON data, I figured out that for some reason XSS_CLEAN would completely erase the JSON data to empty. I can reproduce this problem with `$this->input->input_stream('data', true)` or `$this->security->xss_clean($data)`.

Not sure if this is a bug or if it breaks because the JSON data is too long (2000 records of name, address, city, state, zip).

RE: XSS_CLEAN Truncates Data - jreklund - 11-09-2018

XSS filtering should never be used on input, but on output. CodeIgniter has DEPRECATED global_xss_filtering and you should delete those too. You should however validate your data and apply XSS measures on output instead.

https://www.codeigniter.com/user_guide/libraries/input.html#xss-filtering
https://www.codeigniter.com/user_guide/general/security.html#xss-filtering
https://www.codeigniter.com/user_guide/libraries/security.html#xss-filtering
http://php.net/manual/en/book.filter.php
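A sketch of the approach recommended in the reply above, added here as an example and not code from either poster: the JSON is read unfiltered, validated structurally on input, and HTML-escaped only when rendered. The function names `parse_records` and `render_row`, the size limits, the ZIP pattern and the sample payload are assumptions; the field names come from the original post. In the controller the raw value would be read with `$this->input->post('data')`, without the XSS flag.

```php
<?php
// Added example: validate on input, escape on output (plain PHP 7.4+).

// Decode and validate the raw JSON; throws on malformed or unexpected data.
function parse_records(string $rawJson, int $maxRecords = 5000): array
{
    $rows = json_decode($rawJson, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($rows) || count($rows) > $maxRecords) {
        throw new InvalidArgumentException('expected a list of records');
    }
    $required = ['name', 'address', 'city', 'state', 'zip'];
    $clean = [];
    foreach ($rows as $i => $row) {
        if (!is_array($row)) {
            throw new InvalidArgumentException("record $i is not an object");
        }
        $rec = [];
        foreach ($required as $field) {
            $value = $row[$field] ?? null;
            if (!is_string($value) || strlen($value) > 200) { // assumed limit
                throw new InvalidArgumentException("record $i: bad $field");
            }
            $rec[$field] = $value; // stored as received, not rewritten
        }
        if (!preg_match('/^\d{5}(-\d{4})?$/', $rec['zip'])) { // assumed format
            throw new InvalidArgumentException("record $i: bad zip");
        }
        $clean[] = $rec;
    }
    return $clean;
}

// Escape at the point of output, for the HTML context being written.
function render_row(array $rec): string
{
    $cells = array_map(
        fn($v) => '<td>' . htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>',
        $rec
    );
    return '<tr>' . implode('', $cells) . '</tr>';
}

// Constructed sample payload standing in for the DATA field.
$post = '[{"name":"Ann <b>O\'Neil</b>","address":"1 Main St","city":"Reno","state":"NV","zip":"89501"}]';
foreach (parse_records($post) as $rec) {
    echo render_row($rec), "\n"; // markup in the name is shown as text
}
```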