Execluding a variable from the XSS filter?

[eluser]EEssam[/eluser]
Hi,

I have the global XSS filter enabled and now I'm coding the web-based template editor, so there will be <scri*pt>, etc tags.

How can I exclude a variable named $blablabla from being filtered?

Please help.

[eluser]EEssam[/eluser]
No solution!? :|

[eluser]gungbao[/eluser]
see also the discussion here - http://ellislab.com/forums/viewthread/83358/

I understand it in that way, that you want to globally set

Code:

$config['global_xss_filtering'] = TRUE;

but only for a particular controller-action, you want to set

Code:

$config['global_xss_filtering'] = FALSE;

and do it on an item based logic as described here

http://ellislab.com/codeigniter/user-gui...input.html


My first idea is a little hack: make a pre_system hook as described here.
http://ellislab.com/codeigniter/user-gui...hooks.html

In the hook you parse the request-uri to check for the controller/action you want to disable global xss-filtering - since ci does not provide a nice&simple;access to the choosen controller/action in that state of the script.

Once you have done that, you can globalize the $config['global_xss_filtering'] in the hook and switch it off.

[eluser]EEssam[/eluser]
Hi,

I tried what you said but it didn't work

My hooks/config.php:

$hook['pre_system'] = array(
'class' => '',
'function' => 'myinit',
'filename' => 'init.php',
'filepath' => 'hooks',
'params' => array('beer', 'wine', 'snacks')
);

My init.php file:

&lt;?php

function myinit()
{
$config['global_xss_filtering'] = FALSE;
}

?&gt;

I enabled hooks as well from config.php file. It has no effect at all.

Please help.