$this->input->post() not escaping JS

$this->input->post() not escaping JS

mstojanov
Junior Member
Posts: 12
Threads: 7
Joined: Dec 2014
Reputation: 2

01-25-2016, 05:43 AM

Why this $this->input->post() not escaping JS scripts?

Example what will happen if someone type in textarea <script>alert('test');</script>?
Will be added in the database as it is and the script will be executed where this textarea will be shown.

Any suggestions?

Here is the var_dump from $this->input->post();

PHP Code:
array (size=1)
  'message' => string '<script>alert('test');</script>' (length=31) 

Messages In This Thread

$this->input->post() not escaping JS - by mstojanov - 01-25-2016, 05:43 AM

RE: $this->input->post() not escaping JS - by Narf - 01-25-2016, 07:11 AM

RE: $this->input->post() not escaping JS - by siburny - 01-27-2016, 01:02 PM

RE: $this->input->post() not escaping JS - by Narf - 01-27-2016, 05:13 PM

RE: $this->input->post() not escaping JS - by siburny - 01-27-2016, 07:35 PM

RE: $this->input->post() not escaping JS - by Narf - 01-28-2016, 03:15 AM