Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Securing my first CI website
Securing my first CI website
  • El Forum
    Unregistered
  •  
#2
02-17-2010, 06:33 AM

[eluser]Maglok[/eluser]
User_guide has this to say:

Quote:CodeIgniter comes with a Cross Site Scripting Hack prevention filter which can either run automatically to filter all POST and COOKIE data that is encountered, or you can run it on a per item basis. By default it does not run globally since it requires a bit of processing overhead, and since you may not need it in all cases.

The XSS filter looks for commonly used techniques to trigger Javascript or other types of code that attempt to hijack cookies or do other malicious things. If anything disallowed is encountered it is rendered safe by converting the data to character entities.

Note: This function should only be used to deal with data upon submission. It's not something that should be used for general runtime processing since it requires a fair amount of processing overhead.

So if you can and want to take the performance hit, go for it. Smile


Messages In This Thread
Securing my first CI website - by El Forum - 02-17-2010, 05:25 AM
Securing my first CI website - by El Forum - 02-17-2010, 06:33 AM
Securing my first CI website - by El Forum - 02-17-2010, 11:03 AM
Securing my first CI website - by El Forum - 02-17-2010, 04:10 PM
Securing my first CI website - by El Forum - 02-17-2010, 05:31 PM
Securing my first CI website - by El Forum - 02-17-2010, 06:03 PM
Securing my first CI website - by El Forum - 02-18-2010, 05:49 AM
Securing my first CI website - by El Forum - 02-18-2010, 07:50 AM
Securing my first CI website - by El Forum - 02-20-2010, 05:43 AM



Theme © iAndrew 2016 - Forum software by © MyBB