Codeigniter Sanitisation Practices
#2

(This post was last modified: 08-02-2018, 09:23 AM by jreklund.)

I'm escaping it with Smarty instead, as html_escape is just an alias for htmlspecialchars.

Inside href tags I use:
{$movie->url|htmlspecialchars:2:'UTF-8'|rawurlencode}

For everything else (except src; those need strict XSS protection):
{$movie->trailer|htmlentities:3:'UTF-8'}

New lines to <br>:
{$movie->notes|htmlentities:3:'UTF-8'|nl2br}

You should use input validation too, so that you filter for just a-Z or what you need and don't accept <script>.
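The three modifier chains and the allow-list check from the post above, written out as plain PHP so the behaviour of each context can be inspected (added example, not the poster's code; the function names and the sample slug/title/notes values are constructed):

```php
<?php
declare(strict_types=1);

// Smarty's htmlspecialchars:2 and htmlentities:3 pass the ints straight
// through to the PHP functions: ENT_COMPAT === 2, ENT_QUOTES === 3.

// {$movie->url|htmlspecialchars:2:'UTF-8'|rawurlencode}
// ENT_COMPAT escapes <, >, &, " (not '). rawurlencode then percent-encodes
// everything except A-Z a-z 0-9 - _ . ~, including ':' and '/', so this
// chain suits a single path segment or query value rather than a full URL.
function escapeForHref(string $value): string
{
    return rawurlencode(htmlspecialchars($value, ENT_COMPAT, 'UTF-8'));
}

// {$movie->trailer|htmlentities:3:'UTF-8'}
// ENT_QUOTES also escapes ', so the result is safe in single-quoted
// attributes as well as in element text.
function escapeForHtml(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// {$movie->notes|htmlentities:3:'UTF-8'|nl2br}
// Order matters: escape first, then insert <br />. Reversing the two
// would turn the inserted tags into &lt;br /&gt;.
function escapeForMultiline(string $value): string
{
    return nl2br(htmlentities($value, ENT_QUOTES, 'UTF-8'));
}

// "Filter for just a-Z or what you need": reject anything outside the
// allow-list on the way in, before it is stored or rendered.
function isValidTitle(string $value): bool
{
    return preg_match('/\A[A-Za-z0-9 ]{1,100}\z/', $value) === 1;
}

// Constructed hostile values standing in for untrusted user input.
$slug  = "tv\" onmouseover=\"alert(1)";
$title = "Drama <script>alert('xss')</script>";
$notes = "Line one\nLine two with \"quotes\" and <b>";

var_dump(isValidTitle($title));        // rejected by the allow-list
var_dump(isValidTitle('Drama 2018'));  // accepted

echo '<a href="/movies/' . escapeForHref($slug) . '">', escapeForHtml($title), "</a>\n";
echo '<p>', escapeForMultiline($notes), "</p>\n";
```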
RE: Codeigniter Sanitisation Practices - by jreklund - 08-02-2018, 09:20 AM