Global_xss_filtering Anomaly?
#1

[eluser]Vik[/eluser]
I have a form on the site I'm developing, so I set:

$config['global_xss_filtering'] = TRUE;

...in config.php.

I then tried out my form, and at first everything went fine.

I was curious about whether global_xss_filtering filtered html out of the form entry fields, so I tried entering this into one of the form fields:
Code:
<b>some text</b>
When I clicked the submit button, I got an error message saying "call to undefined function get_instance()", in the _html_entity_decode_callback function, in the input.php file.

Do I need to do something else to enable xss filtering in a case like this?
#2

[eluser]Michael Wales[/eluser]
xss filtering does not filter out HTML submitted within your forms.

Your error message is addressed in this bug report.
#3

[eluser]Vik[/eluser]
Thanks very much. That fixed it. I'll just use strip_tags on the data before it gets stored in the database.

Somewhat off-topic - is it possible (and acceptable) to change the data in the server's post array? A la, something like this:
Code:
// Read the submitted value, strip tags, and write it back to the POST array
$data = $_POST['theKey'];
$_POST['theKey'] = strip_tags($data);
I'd try it but it seems like it might break something. :)
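
An added example, not part of the original posts and not CodeIgniter's own code: plain PHP that applies strip_tags to a copy of the submitted fields instead of rewriting $_POST, then escapes the stored value at output time. The field names and the helpers clean_fields() and e() are hypothetical, and the sample array is constructed to stand in for $_POST.

```php
<?php
// Constructed sample submission standing in for $_POST (hypothetical field names).
$post = [
    'title'   => '<b>some text</b>',
    'comment' => 'Tom said "hi" & left',
];

/**
 * Return a cleaned copy of the whitelisted fields. The input array is left
 * untouched, so later code can still see exactly what the client sent.
 */
function clean_fields(array $input, array $allowed): array
{
    $clean = [];
    foreach ($allowed as $key) {
        // A missing field, or one submitted as an array, becomes an empty string.
        $value = (isset($input[$key]) && is_string($input[$key])) ? $input[$key] : '';
        $clean[$key] = trim(strip_tags($value));
    }
    return $clean;
}

/**
 * Escape a value for an HTML body or quoted-attribute context.
 * strip_tags() removes markup but leaves quotes and ampersands in place,
 * so this step is still needed wherever the stored value is rendered.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$clean = clean_fields($post, ['title', 'comment']);

// $clean is what would be stored; e() is applied only when rendering.
foreach ($clean as $field => $value) {
    echo $field, ': ', e($value), "\n";
}
```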



