Welcome Guest, Not a member yet? Register   Sign In
XSS Clean in CI4?
#6

(01-28-2020, 01:05 PM)ajmeireles Wrote: Sorry me, but let me ask showing an example:

In CI3 I clean the post with this method:
$post = $this->security->xss_clean($this->input->post(NULL, TRUE));

This means that all post received by the controller will pass by xss_clean. How I can do something like this on CI4?

There is no xss_clean function for CI4 because that is the wrong way to prevent XSS.

Here's some reading that may explain why the old CI approach is wrong and what you should do instead.

Read the accepted answer to a similar question here.

A readable and reasonably comprehensive blog post.

The very in-depth and astute post Everything You Need to Know About Preventing Cross-Site Scripting Vulnerabilities in PHP
Reply


Messages In This Thread
XSS Clean in CI4? - by ajmeireles - 01-28-2020, 12:00 AM
RE: XSS Clean in CI4? - by jreklund - 01-28-2020, 12:55 AM
RE: XSS Clean in CI4? - by ajmeireles - 01-28-2020, 12:18 PM
RE: XSS Clean in CI4? - by jreklund - 01-28-2020, 12:32 PM
RE: XSS Clean in CI4? - by ajmeireles - 01-28-2020, 01:05 PM
RE: XSS Clean in CI4? - by dave friend - 01-31-2020, 10:58 AM



Theme © iAndrew 2016 - Forum software by © MyBB