Question about CI XSS filter and HTMLPurifier

(This post was last modified: 06-01-2015, 02:45 PM by Mel9pr.)

I use TinyMCE on my textarea input forms to make it easy to add basic things like links, formatted text, colored text and so on.

Because we are not supposed to use the CI XSS filter on the input but on the output instead, I do something like this to output textarea data:

Code:
$textarea_data = $this->security->xss_clean($textarea_data_from_database);
echo $textarea_data;

Because I am worried about MySQL injections, I use HTMLPurifier to input textarea data like this:

Code:
// post() takes the form field name as a string; the name here mirrors the variable name
$input_textarea_data = html_purify($this->input->post('input_textarea_data'));

Because I cannot use CI input validation with a WYSIWYG editor (am I right?), I use HTMLPurifier instead.

My questions are...

Could CI XSS filter alter or neutralize HTMLPurifier's protection?

or

Must I avoid CI XSS filter to output HTMLPurifier filtered data?

Thanks!


Messages In This Thread
Question about CI XSS filter and HTMLPurifier - by Mel9pr - 06-01-2015, 02:42 PM


