Safe output
OK, I understand it after I updated my knowledge.
This site explains it clearly enough. http://stackoverflow.com/questions/11253...-vs-output Thanks.

(07-02-2015, 08:14 AM)BeYourCyber Wrote: Back to the question, it does not make sense to me if you want to clean output data, because it uses more resources when compared with cleaning on input.

The logic of cleaning once vs. a million times doesn't hold up on three important points:
Even when you're allowing users to display example code, you need to do something to make sure it's safe. Example code should be displayed, not rendered, so you need to prevent them from breaking out of the sandbox that's created to display the code. xss_clean() does a good job as a basic, prevent-everything type of method, but it's very limited in its usefulness (and effectiveness) because it is not specific to the output conditions.
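Added example, not part of any post in this thread: escaping one stored value differently for each output condition, so that posted code is displayed rather than rendered. The helper names (`esc_html`, `esc_js`, `esc_url_param`) and the sample string are assumptions made for illustration; only built-in PHP functions are used.

```php
<?php
// Hypothetical helpers: one escaper per output context.

// HTML element content and quoted attribute values.
function esc_html(string $s): string
{
    // ENT_QUOTES covers both " and ', so the value cannot close an attribute.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A string literal inside an inline <script> block.
function esc_js(string $s): string
{
    // JSON_HEX_TAG turns < and > into \u003C / \u003E, so a "</script>"
    // inside the data cannot terminate the surrounding script element.
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR
    );
}

// A single query-string component of a URL.
function esc_url_param(string $s): string
{
    return rawurlencode($s);
}

// Constructed sample: a "code snippet" that tries to leave its <pre> block.
// It is stored as submitted; the escaping happens at output time.
$snippet = '</code></pre><script>alert("hi")</script>';

// 1. Displayed as example code: the markup shows up as text.
echo '<pre><code>', esc_html($snippet), "</code></pre>\n";

// 2. Same value in an attribute: the quotes are neutralised as well.
echo '<input name="q" value="', esc_html($snippet), "\">\n";

// 3. Same value handed to JavaScript: a JS string, not HTML.
echo '<script>var posted = ', esc_js($snippet), ";</script>\n";

// 4. Same value in a link: percent-encoded first, then HTML-escaped
//    because the URL itself sits inside an attribute.
echo '<a href="', esc_html('/search?q=' . esc_url_param($snippet)),
     "\">search</a>\n";
```

Each of the four lines needs a different encoding of the same data, which is why a single filter applied once at input time cannot be correct for all of them.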