XSS Protection is removing [removed] tags - but I don't want it to! :)

Hey folks,

CodeIgniter is brilliant but I'm using it to develop a site where users need to be able to share their code for websites. Unfortunately, CodeIgniter has been doing the "right" thing by removing [removed] tags from my users' inputs into the database, so when it's returned, data looks like this:

[removed] User's data [removed]

However, I need my site to DISPLAY script tags but obviously not PARSE them. How can I get CodeIgniter or PHP to return Script tags, but still sanitise them for the database and return them without them executing?



EDIT: Oh look, how ironic, even CodeIgniter's forum removes [removed] tags too. Haha! [removed] [removed] [removed] - I mean, < script >

If you want your users to input HTML, JavaScript, code, and what have you, you shouldn't clean it, but escape the input with htmlentities, so any HTML in the input becomes harmless.
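
The approach from the reply above, as an added example that is not part of the original thread: the submitted code is stored verbatim through a bound parameter and escaped with `htmlentities` only when it is rendered. It assumes the `pdo_sqlite` extension and uses plain PDO rather than CodeIgniter's database layer; the table and function names are hypothetical.

```php
<?php
// Added example: keep the submitted code verbatim, escape only when rendering HTML.
// Assumptions: pdo_sqlite is available; table and function names are hypothetical.

function open_store(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE snippets (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $db;
}

// Bound parameters keep the text out of the SQL statement itself,
// so it is stored unmodified and cannot alter the query.
function save_snippet(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO snippets (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

// Escape at output time: markup characters become entities, so the
// browser displays the tags as text instead of parsing them.
function render_snippet(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM snippets WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    if ($body === false) {
        return '<p>Snippet not found.</p>';
    }
    $safe = htmlentities($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<pre><code>' . $safe . '</code></pre>';
}

// Constructed sample submission containing a script tag and an inline handler.
$submitted = "<script>alert('hi');</script>\n<a href=\"#\" onclick=\"go()\">link</a>";

$db   = open_store();
$id   = save_snippet($db, $submitted);
$html = render_snippet($db, $id);

echo $html, PHP_EOL;
// Check that no raw script tag survives in the rendered markup.
var_dump(stripos($html, '<script') === false);
```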
