When should I use esc()?
#1

Hi,

I need help with where to use the esc() function.

Do I need to use esc() on every single input text field? For example, I have a form that presents the user with two fields. One is a text field and the other is a textarea field. The user needs to fill up both fields and submit them. So, where does the esc go? Do I use esc on the input element (view) or at the Controller level?

The documentation didn't help me. At https://codeigniter4.github.io/CodeIgnit...items.html, the only esc I see is to escape the title.

Thanks.
#2

(This post was last modified: 02-19-2022, 04:52 PM by kenjis.)

You should use esc() when you output any data that may change, such as variables, in your HTML.

But if a function is guaranteed to return a proper XSS-free HTML string, there is no need to escape.
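The two-field form from the question, as an added example that is not part of either post: the controller step validates and keeps the submitted values raw, and the view step calls esc() at each point where a variable is written into HTML. It assumes CodeIgniter 4's `esc($data, $context)` helper; `handleSubmit()`, `renderForm()`, the field names and the fallback `esc()` (a simplified stand-in so the file runs outside the framework) are hypothetical.

```php
<?php
// Added example. Inside CodeIgniter 4 the framework's own esc() is used;
// this fallback is a simplified stand-in so the file also runs by itself.
if (! function_exists('esc')) {
    function esc(string $data, string $context = 'html'): string
    {
        // Stand-in only: the real helper applies per-context escaping rules.
        return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Controller step (hypothetical): validate, but keep the values RAW.
// Escaping here would push HTML entities into storage and non-HTML outputs.
function handleSubmit(array $post): array
{
    $title  = trim((string) ($post['title'] ?? ''));
    $body   = trim((string) ($post['body'] ?? ''));
    $errors = [];
    if ($title === '' || strlen($title) > 100) {
        $errors[] = 'Title is required (max 100 bytes).';
    }
    if ($body === '') {
        $errors[] = 'Body is required.';
    }
    return ['title' => $title, 'body' => $body, 'errors' => $errors];
}

// View step: escape every variable where it is written into the HTML,
// using the context that matches where it lands.
function renderForm(array $data): string
{
    $out = '';
    foreach ($data['errors'] as $error) {
        $out .= '<p class="error">' . esc($error) . "</p>\n";
    }
    $out .= "<form method=\"post\">\n";
    // Attribute value: 'attr' context. Element content: default 'html' context.
    $out .= '  <input type="text" name="title" value="' . esc($data['title'], 'attr') . "\">\n";
    $out .= '  <textarea name="body">' . esc($data['body']) . "</textarea>\n";
    $out .= "</form>\n";
    return $out;
}

// Constructed sample submission that contains quotes and markup.
$post = ['title' => 'A "quoted" <b>title</b>', 'body' => '</textarea><i>note</i>'];
echo renderForm(handleSubmit($post));
```

The markup that `renderForm()` writes itself is left unescaped, matching the second reply: only the variables pass through esc().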