Characters permitted by Security Filtering?

[eluser]NBrepresent[/eluser]
On the input/security library page of the docs, under the Security Filtering heading one of the bullet points is "Filters the POST/COOKIE array keys, permitting only alpha-numeric (and a few other) characters."

Exactly which characters are allowed?

[eluser]Derek Allard[/eluser]
Essentially, ~, %, ., :, _ and -, but this is configurable by you if you want.

Hit your config file and look for

Code:

$config['permitted_uri_chars'] = 'a-z 0-9~%.:_-';

What you see there is the list of character that will be used in a regular expression that filters it.