Can a URI var ever be malicious?
#3

theshiftexchange
[quote author="luismartin" date="1334870019"]You are preventing SQL injections by using CI's active record, but not XSS attacks (javascript).
To do so, you can perform different steps:

- To set the XSS filtering config variable to TRUE: $config['global_xss_filtering'] = TRUE;

- To set to TRUE the second parameter of the post() and get() methods of Input class:
$clean_data = $this->input->post('myfield', true);

- To use the xss_clean method of Security class:
$clean_data = $this->security->xss_clean($data);[/quote]

Thanks - but if I am using the default CI URI chars - can an XSS attack occur with only those chars?

Code:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
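
As an added example (not part of the thread and not CodeIgniter's own code): a character check built from the class in the post's `permitted_uri_chars`, kept separate from the output encoding applied when a segment is written into HTML or into a URL. The function names, the regex wrapping and the sample segments are assumptions made for the illustration.

```php
<?php
// Added example, not CodeIgniter source. All function names are hypothetical.

// Character class copied from the post's $config['permitted_uri_chars'].
const PERMITTED_URI_CHARS = 'a-z 0-9~%.:_\-';

// Input layer: true when every character of the segment is in the class.
// The regex wrapping is this example's assumption, not the framework's code.
function segment_is_permitted(string $segment): bool
{
    return preg_match('/^[' . PERMITTED_URI_CHARS . ']+$/i', $segment) === 1;
}

// Output layer for HTML text nodes and quoted attribute values.
function html_escape_segment(string $segment): string
{
    return htmlspecialchars($segment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Output layer for a value placed inside a URL path or query component.
function url_escape_segment(string $segment): string
{
    return rawurlencode($segment);
}

// Constructed sample segments, not taken from the thread.
$samples = ['my-article_2012', 'report v1.2', 'a<b', '50%25'];

foreach ($samples as $segment) {
    if (!segment_is_permitted($segment)) {
        // Rejected input is still encoded before it is echoed back.
        echo 'rejected: ' . html_escape_segment($segment) . "\n";
        continue;
    }
    // The same accepted value is encoded differently per output context.
    printf(
        "accepted: html=%s url=%s\n",
        html_escape_segment($segment),
        url_escape_segment($segment)
    );
}
```

The character check decides what is accepted as a segment; the encoding function is chosen by where the value is written, independently of that check.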

