Form Validation and xss_clean
#5

Madmartigan1:
Yes that will pass the regex, and it is a perfectly valid email.

The point you make about escaping is important for injection security.

The question is about xss_clean and when it is necessary. As I've mentioned, I've had to disable the global filtering as there is no way to disable it after it has been enabled globally. The easy way is to add the xss_clean rule to every form rule in the app now, but I'm trying to decide where to draw the line.

Is a valid email (according to the default rules CI uses to validate it) a potential security risk?

What about data that has been processed with strip_tags()?

What about data that has been processed with alpha, is_natural, integer, numeric, etc. etc.?

Could any of this data be unsafe? Also, at what point in CI execution does the data typically become harmful?

EDIT: Missed your edit :lol: Whatever it is you changed it to will not pass.

EDIT: I'd also like to remind you that not every form interacts with a database.
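One way to reason about the questions in this post is to separate rules that only admit a fixed character set from rules that still let HTML metacharacters through, and then to escape at the point of output. The script below is an added example, not code from the thread or from CodeIgniter: the rule checks are plain-PHP stand-ins modelled on the CI rule names (CI's own valid_email regex differs from filter_var), and all inputs are constructed.

```php
<?php
// Added example, not from the thread or from CodeIgniter. The rule checks are
// plain-PHP stand-ins modelled on the CI rule names; the inputs are constructed.

// Whitelist-style rules (alpha, integer, is_natural, numeric) only admit a
// fixed character set, so nothing that passes them can carry HTML markup.
// valid_email and strip_tags are different: a syntactically valid address may
// contain ' or &, and strip_tags removes tags but leaves quotes and ampersands.
function passes_rule(string $rule, string $value): bool
{
    switch ($rule) {
        case 'alpha':       return preg_match('/^[a-z]+$/i', $value) === 1;
        case 'integer':     return preg_match('/^[\-+]?[0-9]+$/', $value) === 1;
        case 'numeric':     return preg_match('/^[\-+]?[0-9]*\.?[0-9]+$/', $value) === 1;
        case 'is_natural':  return preg_match('/^[0-9]+$/', $value) === 1;
        case 'valid_email': return filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
        case 'strip_tags':  return true; // a prep rule: it transforms, never rejects
        default:            throw new InvalidArgumentException("unknown rule $rule");
    }
}

// Any character that can change meaning in an HTML text or attribute context.
function has_html_metachars(string $value): bool
{
    return preg_match('/[<>"\'&]/', $value) === 1;
}

// Escaping is done where the value is rendered, for the context it lands in.
// Here the context is an HTML attribute, so ENT_QUOTES is required.
function render_attribute(string $value): string
{
    return '<input name="f" value="'
        . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '">';
}

// Constructed inputs, one per rule.
$samples = [
    ['alpha',       'Madmartigan'],
    ['is_natural',  '7'],
    ['integer',     '-42'],
    ['valid_email', "o'brien@example.com"],                        // valid address with an apostrophe
    ['strip_tags',  strip_tags('Bob "the builder" <b>Smith</b>')], // tags gone, quotes remain
];

printf("%-12s %-5s %-10s %s\n", 'rule', 'pass', 'metachars', 'rendered');
foreach ($samples as [$rule, $value]) {
    $ok = passes_rule($rule, $value);
    printf("%-12s %-5s %-10s %s\n",
        $rule,
        $ok ? 'yes' : 'no',
        has_html_metachars($value) ? 'yes' : 'no',
        $ok ? render_attribute($value) : '(rejected, never rendered)');
}
```

Run it with `php example.php`. The alpha, integer and is_natural rows show no metacharacters at all, so for those fields xss_clean has nothing left to do. The valid_email and strip_tags rows still carry an apostrophe or double quotes after validation; they become safe only once escaped for the context they are written into (htmlspecialchars for HTML, bound parameters for SQL), which is also why the question of whether a form touches a database does not change where the escaping belongs.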




