CodeIgniter Forums
How do I stop Stored XSS - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30)
+--- Thread: How do I stop Stored XSS (/showthread.php?tid=80765)



How do I stop Stored XSS - chakycool - 12-15-2021

Hi All,
If you enter "<script>alert('xss');</script>" in to your form and save, this script get triggered on the page load. 
What is the best way to stop these Stored XSS scripts globally?
Thanks.


RE: How do I stop Stored XSS - chakycool - 12-15-2021

I'm looking for a global option where I don't have to worry about printing any stored data.


RE: How do I stop Stored XSS - seunex - 12-15-2021

You can you entity to cast the data from the database.


RE: How do I stop Stored XSS - InsiteFX - 12-16-2021

Use html purifier.