XSS - Cross Script protect with input class
#1

[eluser]Swedie[/eluser]
I've come to the point where I'm going through all pages for possible holes for SQL-injections and/or XSS attacks.

I'm using $this->input->post('username', TRUE) to enable XSS filtering.

I'm using a free trial version of Acunetix and I'm letting it rip on this page.
It returns that the form is vulnerable because it gave the following result:

URL encoded POST input password was set to '"()&%1[removed]prompt(924738)[removed]

Does this mean that the XSS filter that CI has built in is not sufficient and that I should create my own unique filter for each input field that I might have on my site?



