xss security |
[eluser]Xavier D.[/eluser]
Hi, Is there a reason why $config['global_xss_filtering'] = FALSE; Is FALSE by default? I don't see any problems if by default the TRUE flag should be set. What is the experience with this parameter. let's say www.site.be/folder/[removed]alert([removed])[removed] will this pass or be protected?
[eluser]Hannes Nevalainen[/eluser]
Quote:By default it does not run globally since it requires a bit of processing overhead, and since you may not need it in all cases.Quoted from the user guide =) (input and security class) //Hannes
[eluser]Xavier D.[/eluser]
[quote author="Hannes Nevalainen" date="1218297246"] Quote:By default it does not run globally since it requires a bit of processing overhead, and since you may not need it in all cases.Quoted from the user guide =) (input and security class) //Hannes[/quote] ok thx, I thought it was still in beta. But it does the trick?
|
Welcome Guest, Not a member yet? Register Sign In |