Form Validation and xss

Form Validation and xss_clean

El Forum
Unregistered

12-28-2010, 12:03 PM

[eluser]Madmartigan1[/eluser]
If the email is valid, how can it be dangerous? I'm no security expert...

Quote:If you are later using active record to insert or update then it would be as active record runs xss_clean.

Not following you there. Can you clarify? I always use active record and it does not xss_clean by default afaik. I ran into this when I had to edit templates and allow <scri*pt> tags.

Messages In This Thread

Form Validation and xss_clean - by El Forum - 12-28-2010, 11:49 AM

Form Validation and xss_clean - by El Forum - 12-28-2010, 12:00 PM

Form Validation and xss_clean - by El Forum - 12-28-2010, 12:03 PM

Form Validation and xss_clean - by El Forum - 12-28-2010, 12:11 PM

Form Validation and xss_clean - by El Forum - 12-28-2010, 12:22 PM

Form Validation and xss_clean - by El Forum - 12-29-2010, 05:49 AM

Form Validation and xss_clean - by El Forum - 12-29-2010, 08:06 AM

Form Validation and xss_clean - by El Forum - 12-29-2010, 08:19 AM

Form Validation and xss_clean - by El Forum - 12-29-2010, 08:25 AM

Form Validation and xss_clean - by El Forum - 12-29-2010, 08:43 AM