Escaping data in views
#1

Hi, I have a few questions regarding escaping data and filtering data, because I am new to security issues and I want to prevent XSS attacks and SQL injections.

I am using CI4, so I know that with the query builder, SQL injections are prevented because it escapes automatically.

Regarding escaping in the views:
1) Does everything that is echoed need to be escaped? Is using just the esc() function with the first parameter enough? I read that if you want to escape a URL, the second parameter is 'url', but I tried to escape an href with esc(base_url(..../...), 'url') and when I click on that button, it doesn't redirect me to the correct page.

2) If I want to be "security cleaned" when they are submitting a form to a DB, and I do it through an AJAX call, do I need to do something before calling the controller method? In the controller, should I escape/filter the variables? In the model I am using the query builder class.

3) Any other good tip is accepted. Thanks!!
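An added illustration of the href problem from question 1 (not code from this thread or from CodeIgniter itself). CI4's esc() hands each context to Laminas Escaper; the helper below reproduces the 'html', 'attr' and 'url' contexts with the plain PHP functions they are built on (an assumption stated in the code), so it runs without the framework. The site URL and input strings are constructed.

```php
<?php
// Stand-in for CI4's esc(): 'html'/'attr' -> htmlspecialchars, 'url' -> rawurlencode.
// Assumption: this matches how esc() maps its contexts onto Laminas Escaper.
// (Laminas' real 'attr' context emits numeric entities for ':' and '/' as well,
// which the browser decodes identically, so the link still resolves.)
function escDemo(string $value, string $context = 'html'): string
{
    switch ($context) {
        case 'html':
        case 'attr':
            return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        case 'url':
            return rawurlencode($value);
        case 'raw':
            return $value;
        default:
            throw new InvalidArgumentException("Unknown escaping context: $context");
    }
}

$siteUrl  = 'https://example.test/';          // constructed stand-in for base_url()
$target   = $siteUrl . 'account/settings';    // a link to one of your own pages
$untrusted = 'Tom & "Jerry" <3';              // constructed user-supplied text

// 1) The 'url' context percent-encodes EVERY reserved character, ':' and '/' included.
//    A whole URL passed through esc(..., 'url') is therefore no longer a valid link.
echo escDemo($target, 'url'), PHP_EOL;
// https%3A%2F%2Fexample.test%2Faccount%2Fsettings

// 2) 'url' is for a single value that goes INSIDE a URL, e.g. a query-string parameter.
$search = 'a&b=c d';
echo $siteUrl . 'search?q=' . escDemo($search, 'url'), PHP_EOL;
// https://example.test/search?q=a%26b%3Dc%20d

// 3) For an href attribute, escape for the attribute context; a clean URL passes through.
echo '<a href="' . escDemo($target, 'attr') . '">Settings</a>', PHP_EOL;
// <a href="https://example.test/account/settings">Settings</a>

// 4) Untrusted text in the HTML body or a quoted attribute: the default context
//    neutralises quotes, angle brackets and ampersands, so it cannot break out.
echo '<input value="' . escDemo($untrusted) . '">', PHP_EOL;
// <input value="Tom &amp; &quot;Jerry&quot; &lt;3">
```

The rule of thumb this shows: pick the context from where the value lands in the output (body, attribute, URL parameter, JS, CSS), not from what the value looks like, and keep escaping at output time while the controller validates input and the query builder binds values.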
Messages In This Thread
Escaping data in views - by fedeburo - 02-01-2022, 12:44 PM