Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Support Is xss_clean still used in CodeIgniter 4?
Is xss_clean still used in CodeIgniter 4?
#1
03-27-2023, 01:24 AM

I am attempting to migrate a CodeIgniter 2 system to the latest version 4 of the framework. However, I am facing an issue while executing the function $nomUsr = $ security-> xss_clean ($ this-> input-> post ('nomUsr')) in CI4, which is resulting in an error. Is there something missing that I need to load into another file or has xss_clean been removed in CodeIgniter 4? Thanks in advance!
Reply
  • Offline kenjis
    Administrator
  • *******
  • Posts: 3,671
    Threads: 96
    Joined: Oct 2014
    Reputation: 230
#2
03-27-2023, 01:46 AM

xss_clean() does not prevent XSS perfectly, but breaks the input data unexpectedly. It is very bad practice in old age.
CI4 has no such functionality.
See https://codeigniter4.github.io/CodeIgnit...ipting-xss

But if you want input filtering CI4 has input filter functionality.
See https://codeigniter4.github.io/CodeIgnit...t::getPost

See also https://forum.codeigniter.com/post-371313.html
ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper
Reply




Theme © iAndrew 2016 - Forum software by © MyBB