XSS_Clean filters no php tags
#4

If your callback does xss_clean() and you have xss_clean in your rules, you're passing the same data through xss_clean() twice, so the resulting output is going to be questionable anyway. The xss_clean() method replaces <? with &lt;?. The pre element in HTML does not prevent the browser from decoding the HTML entities.

For the most part, the rules will be run in the order you specified.

Please read the upgrade note on using xss_clean as a form validation rule and the note in the documentation of the Input class. xss_clean() should not be used on input; it should only be used when outputting data to HTML.


Messages In This Thread
XSS_Clean filters no php tags - by Maeggi07 - 09-18-2015, 05:01 PM
RE: XSS_Clean filters no php tags - by PaulD - 09-19-2015, 12:06 PM
RE: XSS_Clean filters no php tags - by Maeggi07 - 09-22-2015, 02:56 PM
RE: XSS_Clean filters no php tags - by mwhitney - 09-23-2015, 08:29 AM


