Welcome Guest, Not a member yet? Register   Sign In
Security in post/get

Hi all,

I'm using $this->input->post("field", TRUE), to protect the system, but, I think the function does not do everything that I thought would.

I'm doing one seach page, the user write the word in one input, after the sumit, i do one echo in the value of the input, as a test, I wrote "script alert("hello") /script", and the alert work on...

there is something in the framework that implements the slashs, trim, htmlentities? if not, what security do you advise me?

And really thanks to David Pennington, for this video about security. Thanks man!

[eluser]Thorpe Obazee[/eluser]
Do you mean you tested writing:
script alert(“hello”) /script


<script> alert(“hello”) </script>


EDIT: I actually tried it and it didn't work as the xss filter would replace the word '<script>' and '</script>' with '[removed]'

Theme © iAndrew 2016 - Forum software by © MyBB