[eluser]Buso[/eluser]
I have it set to TRUE but it doesn't seem to do anything
How does it work??
I want it to prevent users from injecting html tags like <javascript> some hacks </javascript>, or anything of the sort.
I am sending a form with a message with some html tags, the controller makes the validation (without the xss_clean option, since i wanna test the global_xss_filter option), then it is saved in the DB with active record. First I was using this:
Code:
public function postComment() {
$this->db->insert('comments',$_POST);
}
then I tried this:
Code:
public function postComment() {
$comment = array('date' => time(),
'username' => $this->input->post('username'),
'title' => $this->input->post('title'),
'email' => $this->input->post('email'),
'body' => $this->input->post('body'));
$this->db->insert('comments',$comment);
}
But the xss global filter still doesn't work.
What should I do?