[eluser]bobbob[/eluser]
When AJAX sends a script tag, it gets URL-encoded. I can't put it in here as it gets removed, which is great, but somehow when I run form_validation on it with xss it still gets through as a script tag to the db.
Receiving controller code that validates the list name:
Code:
public function create_new_list()
{
    $status['status'] = 0;
    $status['message'] = S_ERROR;
    $this->load->library('form_validation');
    $this->form_validation->set_rules('name', 'name', 'required|xss');
    $this->form_validation->set_rules('emails', 'emails', 'required|xss');
    if ($this->form_validation->run() != FALSE) {
        $list_id = $this->lists_model->create_new_list($_POST['name'], $this->session->userdata('user_id'));
        $status = $this->lists_model->add_to_email_list($_POST['emails'], $list_id);
    }
    echo json_encode($status);
}
Emails are validated in the model. I am concerned with $_POST['name'].
Did I misunderstand the validation class?
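
An added example, not part of the original post: the same controller method using the `xss_clean` rule name and reading the values back through the Input class instead of `$_POST`. It assumes CodeIgniter 2.x, where Form_validation provides `xss_clean` and has no built-in rule named `xss`; the class name `Lists` is hypothetical, and `S_ERROR`, `lists_model` and its two methods are the poster's own and assumed unchanged.

```php
<?php
// Added example (not the poster's code). Assumes CodeIgniter 2.x.
// "Lists" is a hypothetical controller name.
class Lists extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library(array('form_validation', 'session'));
        $this->load->model('lists_model');
    }

    public function create_new_list()
    {
        $status = array('status' => 0, 'message' => S_ERROR);

        // 'xss_clean' is the rule name the library ships. A rule name that
        // matches neither a Form_validation method nor a PHP function is
        // skipped (assumed 2.x behaviour), so 'required|xss' would only
        // enforce 'required' and leave the value unfiltered.
        $this->form_validation->set_rules('name', 'name', 'required|xss_clean');
        $this->form_validation->set_rules('emails', 'emails', 'required|xss_clean');

        if ($this->form_validation->run() !== FALSE) {
            // Second argument TRUE runs the XSS filter on read, so the value
            // that reaches the model does not depend on the rule string alone.
            $name   = $this->input->post('name', TRUE);
            $emails = $this->input->post('emails', TRUE);

            $list_id = $this->lists_model->create_new_list(
                $name,
                $this->session->userdata('user_id')
            );
            $status = $this->lists_model->add_to_email_list($emails, $list_id);
        }

        // The XSS filter works on input only; the stored name still needs
        // htmlspecialchars() (or equivalent) wherever it is rendered as HTML.
        $this->output
             ->set_content_type('application/json')
             ->set_output(json_encode($status));
    }
}
```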