Input Lib: XSS Clean
#1

louis w
Maybe not a "bug" but something that should be thought about and possibly improved.

With global XSS clean on, someone is able to manipulate the output of a page by injecting HTML into a variable when that variable is being output directly to the browser (e.g. to pass along to the next stage of a form).

Example:
destination = whatever"><h1>Hello</h1>youwhat
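
The case described in the post, as an added example that is not part of the original post or of CodeIgniter: the same value written into a hidden form field raw, and then encoded for the attribute context at output time. The helper names are hypothetical, the sample value is taken from the post, and the check assumes PHP 7 or later with the `dom` extension.

```php
<?php
// Constructed sample: the value from the post, assumed (as the post reports)
// to reach the view unchanged with the global XSS filter enabled.
$destination = 'whatever"><h1>Hello</h1>youwhat';

// Before: the raw value is concatenated into a double-quoted attribute.
// hidden_field_raw() is a hypothetical helper, not a CodeIgniter function.
function hidden_field_raw(string $name, string $value): string
{
    return '<input type="hidden" name="' . $name . '" value="' . $value . '">';
}

// After: encode at output time for the HTML attribute context.
// ENT_QUOTES encodes both quote styles, so the value cannot close the attribute.
function hidden_field_safe(string $name, string $value): string
{
    $enc = static function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    return '<input type="hidden" name="' . $enc($name) . '" value="' . $enc($value) . '">';
}

// Parse the markup with an HTML parser and report what the field became.
function inspect_field(string $html): array
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // silence parser warnings
    $doc->loadHTML('<form>' . $html . '</form>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'value_attribute' => $input->getAttribute('value'),
        'injected_h1'     => $doc->getElementsByTagName('h1')->length,
    ];
}

foreach (['raw' => 'hidden_field_raw', 'safe' => 'hidden_field_safe'] as $label => $fn) {
    $html = $fn('destination', $destination);
    $seen = inspect_field($html);
    printf("%-4s %s\n", $label, $html);
    printf("     value=%s  h1 elements=%d  round-trips=%s\n",
        var_export($seen['value_attribute'], true),
        $seen['injected_h1'],
        var_export($seen['value_attribute'] === $destination, true));
}
```

Encoding belongs at the point of output because the correct escaping depends on where the value lands (attribute, element text, URL, script), which an input-side filter cannot know.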




