XSS Clean in CI4?
Hello, community!
I'm starting to migrate my platform to CI4 and I can't find an important function that I use in CI3, which is xss_clean on POST requests. In CI4, what is the function similar to xss_clean, or what is the recommendation to protect POST data?
XSS_clean should be considered deprecated. That's not a recommended practice to rely on. You should filter your inputs AND escape your outputs.
Input: https://codeigniter4.github.io/userguide...ation.html https://codeigniter4.github.io/userguide...ving-input "Filtering Input Data"
Output: https://codeigniter4.github.io/userguide...aping-data https://codeigniter4.github.io/userguide...g-contexts
(01-28-2020, 12:55 AM)jreklund Wrote: XSS_clean should be considered deprecated. That's not a recommended practice to rely on. You should filter your inputs AND escape your outputs.
Then do the functions esc and setVar need to be impressed on the view template, or where, for example?
(01-28-2020, 12:32 PM)jreklund Wrote: Input is in your controller*. Output is in your view.
Sorry, but let me ask by showing an example: In CI3 I clean the POST data with this method:
$post = $this->security->xss_clean($this->input->post(NULL, TRUE));
This means that every POST received by the controller passes through xss_clean. How can I do something like this in CI4?
(01-28-2020, 01:05 PM)ajmeireles Wrote: Sorry, but let me ask by showing an example:
There is no xss_clean function for CI4 because that is the wrong way to prevent XSS. Here's some reading that may explain why the old CI approach is wrong and what you should do instead.
Read the accepted answer to a similar question here.
A readable and reasonably comprehensive blog post.
The very in-depth and astute post Everything You Need to Know About Preventing Cross-Site Scripting Vulnerabilities in PHP
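The "filter your inputs AND escape your outputs" advice from this thread, as an added example in plain PHP (not code from any poster here or from the CodeIgniter project). The helper names validateInput, escHtml and escJs and the sample POST array are constructed for illustration; in a CI4 view, the esc() helper mentioned above takes the place of the two escaping helpers.

```php
<?php
// Constructed sample standing in for the POST data a controller receives.
$post = [
    'email'   => 'ana@example.com',
    'age'     => '34',
    'comment' => '"><script>alert(1)</script>',
];

// Input side (controller): validate type and range, and reject bad data
// instead of trying to "clean" it.
function validateInput(array $post): array
{
    $data = filter_var_array($post, [
        'email'   => FILTER_VALIDATE_EMAIL,
        'age'     => ['filter'  => FILTER_VALIDATE_INT,
                      'options' => ['min_range' => 0, 'max_range' => 150]],
        'comment' => FILTER_UNSAFE_RAW, // free text: kept as-is, escaped on output
    ]);
    foreach ($data as $field => $value) {
        // false = failed validation, null = field missing from the request
        if ($value === false || $value === null) {
            throw new InvalidArgumentException("Invalid field: $field");
        }
    }
    if (strlen($data['comment']) > 500) {
        throw new InvalidArgumentException('Invalid field: comment');
    }
    return $data;
}

// Output side (view): escape for the context the value is written into.
function escHtml(string $value): string
{
    // Covers HTML body text and quoted attribute values.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function escJs($value): string
{
    // Emits a JS literal that cannot close the surrounding <script> element.
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

$data = validateInput($post);
?>
<p><?= escHtml($data['comment']) ?></p>
<input name="comment" value="<?= escHtml($data['comment']) ?>">
<script>const comment = <?= escJs($data['comment']) ?>;</script>
```

The same stored comment is written three times with two different encodings, which is why a single pass over POST data at input time cannot make it safe for every place it is later printed.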