now im confused... (making user input safe)
#6

oddman
XSS, I'm fairly certain (but don't quote me on this), stands for cross-site scripting. What that means is, you don't want variables you can put in a form or via a URL being output to a page, unless it's protected from this sort of attack. Basically all you really have to do is encode all HTML entities, which I'm pretty sure xss_clean does. So no, for saving data you don't have to do that - but for output, you absolutely should - when the data is from an insecure source. Also, if you don't clean your data before input (i.e. you allow all sorts of characters), you need to be very careful with outputting that data.

Hope that helps.
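
The store-raw, encode-on-output approach from the post above, as an added example that is not part of the original thread and not CodeIgniter's own code. It uses PHP's built-in `htmlspecialchars()` instead of `xss_clean`, goes one step further by covering a URL attribute (where entity encoding alone does not help), and the helper names `e()` and `safe_href()` and the sample values are assumptions made up for illustration.

```php
<?php
// Added example: the stored value stays raw; encoding happens when it is
// written into the page. $comment and $website are constructed sample inputs.

/** Encode a value for HTML element content or a quoted attribute value. */
function e(string $value): string
{
    // ENT_QUOTES encodes both " and ' so the value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Allow only http(s) links. Entity encoding does not neutralise a
 * javascript: URL, so the scheme is checked against an allowlist first.
 */
function safe_href(string $url): string
{
    // parse_url() returns null or false when there is no usable scheme;
    // the cast turns that into '' which is not on the allowlist.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '#';
}

// Constructed sample input, as it would come back from the database.
$comment = '<script>alert(1)</script> "quoted" & \'single\'';
$website = 'javascript:alert(1)';

// The same stored values written into three different HTML contexts.
echo '<p>' . e($comment) . "</p>\n";
echo '<input name="comment" value="' . e($comment) . "\">\n";
echo '<a href="' . e(safe_href($website)) . "\">site</a>\n";
```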




