How to use global_xss_filter ???
#1

[eluser]Buso[/eluser]
I have it set to TRUE but it doesn't seem to do anything

How does it work??


I want it to prevent users from injecting html tags like <javascript> some hacks </javascript>, or anything of the sort.


I am sending a form with a message with some HTML tags, the controller makes the validation (without the xss_clean option, since I wanna test the global_xss_filter option), then it is saved in the DB with active record. First I was using this:

Code:
public function postComment() {
  $this->db->insert('comments',$_POST);
}

then I tried this:

Code:
public function postComment() {
  $comment = array('date'     => time(),
                   'username' => $this->input->post('username'),
                   'title'    => $this->input->post('title'),
                   'email'    => $this->input->post('email'),
                   'body'     => $this->input->post('body'));
  $this->db->insert('comments', $comment);
}

But the xss global filter still doesn't work.

What should I do?
#2

[eluser]Thorpe Obazee[/eluser]
what happens when you use
Code:
$this->input->xss_clean()
?
#3

[eluser]iFadey[/eluser]
This is what he's saying. He doesn't want to use

Code:
$this->input->xss_clean();

He wants to use global xss filter which can be enabled from config.php file. So the problem is his global xss filter is not working.
#4

[eluser]überfuzz[/eluser]
Not that I wanna treat you like a noob, but have you updated the config file on your server?
#5

[eluser]Buso[/eluser]
[quote author="überfuzz" date="1257432061"]Not that I wanna treat you like a noob, but have you updated the config file on your server?[/quote]
No problem.

Yes.. I'm trying to make it work on my test server (here on my own PC), so no need to update anything.




Edit: now I noticed that xss_clean() and the local xss_clean option aren't working either, what should I do? Something is messed up =SSSS
#6

[eluser]bigtony[/eluser]
I've always found the global filter works for me (it replaces naughty html tags with [removed]).
What happens for you?
#7

[eluser]Thorpe Obazee[/eluser]
[quote author="iFadey" date="1257431813"]This is what he's saying. He doesn't want to use

Code:
$this->input->xss_clean();

He wants to use global xss filter which can be enabled from config.php file. So the problem is his global xss filter is not working.[/quote]

I never said that he should stick with it. I wanted to know if it worked. Or wasn't that clear when I asked, "what happens when you use $this->input->xss_clean()"?
#8

[eluser]iFadey[/eluser]
Oops! I am sorry :red:
#9

[eluser]Buso[/eluser]
This is killing me, I can't get any of the XSS filtering options to work.
Any ideas??

This is how I configure the rules in the form_validation.php file:

'rules' => 'required|max_length[1000]|xss_clean'

The 'required' rule is working, so what's wrong with the clean?

>_>
#10

[eluser]überfuzz[/eluser]
Are you sure that form_validation handles xss cleaning..? Read the user_guide.
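
The comment handling from post #1, as an added example that is not any poster's code: it copies only the expected form fields instead of inserting `$_POST` wholesale, and escapes them with `htmlspecialchars()` when the comment is displayed, so the rendered page does not depend on which XSS filtering option is active. The function names `build_comment` and `render_comment`, the `is_admin` key and the sample submission are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Columns the comment form is allowed to set (taken from the second snippet in post #1).
const COMMENT_FIELDS = ['username', 'title', 'email', 'body'];

// Build the row to insert from submitted data, ignoring any key the form
// should not control (inserting $_POST wholesale would accept them all).
function build_comment(array $post): array
{
    $row = ['date' => time()];
    foreach (COMMENT_FIELDS as $field) {
        $value = $post[$field] ?? '';
        // Array input such as body[]=x is not a valid comment field; store ''.
        $row[$field] = is_string($value) ? trim($value) : '';
    }
    return $row;
}

// Escape every displayed field at output time so markup in a comment is
// shown as text, whether or not an input filter changed it earlier.
function render_comment(array $row): string
{
    $e = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return sprintf(
        '<article><h3>%s</h3><p class="by">%s, %s</p><p>%s</p></article>',
        $e($row['title']),
        $e($row['username']),
        date('Y-m-d', $row['date']),
        nl2br($e($row['body']))
    );
}

// Constructed sample submission: one unexpected column and markup in two fields.
$post = [
    'username' => 'alice',
    'title'    => 'Hello <b>world</b>',
    'email'    => 'alice@example.com',
    'body'     => "first line\n<script>alert(1)</script>",
    'is_admin' => '1',
];

$row = build_comment($post);
// Check whether the unexpected column reached the row that would be inserted.
var_dump(array_key_exists('is_admin', $row));
echo render_comment($row), "\n";
```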



