Security Issues (input and output)

Security Issues (input and output)

CINewb
Member
Posts: 79
Threads: 17
Joined: Apr 2016
Reputation: 3

04-29-2016, 07:18 AM

Just a quick one, could anyone explain why we should use xss_clean() ?

My understanding has always been that htmlspecialchars() or htmlentities() with ENT_QUOTES is enough?

Therefore isn't CI's escape_html() all that is needed to prevent XSS attacks on output?

Messages In This Thread

Security Issues (input and output) - by raghavgarg - 04-23-2016, 05:19 PM

RE: Security Issues (input and output) - by wishmaster - 04-25-2016, 12:32 PM

RE: Security Issues (input and output) - by mwhitney - 04-26-2016, 09:55 AM

RE: Security Issues (input and output) - by CINewb - 04-29-2016, 07:18 AM

RE: Security Issues (input and output) - by raghavgarg - 04-29-2016, 02:52 PM