Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion xss security
xss security
  • El Forum
    Guest
  •  
#1
08-09-2008, 04:34 AM

[eluser]Xavier D.[/eluser]
Hi,

Is there a reason why $config['global_xss_filtering'] = FALSE;

Is FALSE by default?

I don't see any problems if by default the TRUE flag should be set.

What is the experience with this parameter.

let's say www.site.be/folder/[removed]alert([removed])[removed] will this pass or be protected?
  • El Forum
    Guest
  •  
#2
08-09-2008, 04:54 AM

[eluser]Hannes Nevalainen[/eluser]
Quote:By default it does not run globally since it requires a bit of processing overhead, and since you may not need it in all cases.
Quoted from the user guide =) (input and security class)

//Hannes
  • El Forum
    Guest
  •  
#3
08-09-2008, 05:26 AM

[eluser]Xavier D.[/eluser]
[quote author="Hannes Nevalainen" date="1218297246"]
Quote:By default it does not run globally since it requires a bit of processing overhead, and since you may not need it in all cases.
Quoted from the user guide =) (input and security class)

//Hannes[/quote]

ok thx, I thought it was still in beta.

But it does the trick?
  • El Forum
    Guest
  •  
#4
08-09-2008, 05:52 AM

[eluser]Michael Wales[/eluser]
yup.




Theme © iAndrew 2016 - Forum software by © MyBB