filter input - escape output
#4

Basically you escape the output by using `html_escape()` in your view files.
https://www.codeigniter.com/userguide3/h...eld-values
It is an alias for `htmlspecialchars()`.


But in some places, using `html_escape()` is not enough.
See https://www.owasp.org/index.php/XSS_%28C...es_Summary
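An added illustration of the post above (not part of the original thread and not CodeIgniter's own code): two output contexts where HTML-entity escaping alone does not help, next to a context-specific encoder for each. `esc_html()`, `esc_url()` and `esc_js()` are hypothetical helper names, the `ENT_QUOTES`/UTF-8 settings are an assumption, and the sample inputs are constructed.

```php
<?php
// Added example, stand-alone PHP (no CodeIgniter needed). Helper names and
// sample inputs are constructed for illustration.

// Stand-in for html_escape() on a string: htmlspecialchars() with
// ENT_QUOTES and UTF-8 (assumed settings).
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// URL attributes: entity-escaping leaves the scheme intact, so allow-list
// the scheme first and HTML-escape the result afterwards.
function esc_url(string $url): string
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '#'; // reject anything that is not an absolute http(s) URL
    }
    return esc_html($url);
}

// Inline <script> data: emit a JSON string literal with <, >, &, ' and "
// hex-escaped so the value cannot close the string or the script element.
function esc_js(string $s): string
{
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

$link = 'javascript:alert(1)'; // constructed input destined for an href
$name = '</script><b>x</b>';   // constructed input destined for a script block

// Entity escaping alone: $link contains no characters that get encoded,
// so the javascript: scheme reaches the attribute unchanged.
echo '<a href="' . esc_html($link) . '">profile</a>', "\n";

// Context-aware: the scheme check rejects it before escaping.
echo '<a href="' . esc_url($link) . '">profile</a>', "\n";

// HTML entities are not decoded inside <script>, so esc_html() would store
// the wrong value there; esc_js() produces a quoted JavaScript literal.
echo '<script>var name = ' . esc_js($name) . ';</script>', "\n";
```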


Messages In This Thread
filter input - escape output - by edoramedia - 05-22-2016, 01:05 AM
RE: filter input - escape output - by kenjis - 05-22-2016, 02:01 AM
RE: filter input - escape output - by edoramedia - 05-22-2016, 02:11 AM
RE: filter input - escape output - by kenjis - 05-22-2016, 02:36 AM
RE: filter input - escape output - by cartalot - 05-22-2016, 12:21 PM


