Issue with CI XSS option - Convert html entity string
#9

(03-21-2016, 01:12 AM)Narf Wrote:
(03-20-2016, 07:42 PM)Priyank Wrote:
(03-20-2016, 10:59 AM)Narf Wrote: Storing blindly-sanitized data into the database is what will make it vulnerable.

True, but if I store input data without the XSS filter, then I need to apply the XSS filter in the view. As per my understanding, both input-side and output-side filtering will make the same change to the data. As you said in your last reply, you never used the XSS option, so do you know any other way?

I've said no such thing in my last reply (and I didn't have any other reply in this thread).

Yes, you need to apply XSS filtering in the view - that is the only proper way to do it. You're trying to avoid the only correct solution.

Ah... It was not you, Narf. I'm talking about kenjis's reply.

"kenjis Wrote (http://forum.codeigniter.com/post-330215.html#pid330215): You don't have to use XSS option or XSS filtering at all.

It changes your input data in many ways. I have never used it."
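An added example, not part of the original thread: plain PHP showing the approach Narf describes (store the input unchanged, escape in the view) next to what happens when the data is altered before it is stored. The helper name `e()` and the sample string are constructed for illustration, and entity-encoding at input time stands in here for any input-side filter; it is not CodeIgniter's XSS filter itself.

```php
<?php
// Added example: plain PHP, no framework required. CodeIgniter's html_escape()
// helper is a wrapper around htmlspecialchars(), like e() below.

// Constructed sample input: a comment containing an ampersand, markup and quotes.
$input = 'Tom & Jerry <script>alert(1)</script> said "hi"';

// Escape for an HTML body or quoted-attribute context, at output time only.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Approach A: store the raw value, escape once in the view.
$storedRaw = $input;                        // what goes into the database
$viewA     = '<p>' . e($storedRaw) . '</p>';

// Approach B (assumed stand-in for input-side filtering): alter the value
// before storing it, then escape again in a view that escapes by default.
$storedAltered = e($input);                 // database now holds entities
$viewB         = '<p>' . e($storedAltered) . '</p>';

// The raw value stays usable in non-HTML contexts (JSON API, CSV export,
// plain-text e-mail, search index); the altered one carries HTML entities.
$jsonA = json_encode(['comment' => $storedRaw]);
$jsonB = json_encode(['comment' => $storedAltered]);

echo "A view: $viewA\n";
echo "B view: $viewB\n";
echo "A json: $jsonA\n";
echo "B json: $jsonB\n";

// Round trip: decoding view A's entities gives back the exact input, so the
// stored data lost nothing. View B shows literal "&amp;" text to the reader.
$lossless      = html_entity_decode(e($storedRaw), ENT_QUOTES, 'UTF-8') === $input;
$doubleEncoded = strpos($viewB, '&amp;amp;') !== false;
var_dump($lossless, $doubleEncoded);
```

Escaping with `htmlspecialchars()` covers HTML body and quoted-attribute contexts only; values placed into JavaScript, URLs or CSS need the encoder for that context.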


Messages In This Thread
RE: Issue with CI XSS option - Convert html entity string - by Priyank - 03-21-2016, 08:05 AM


