| Execluding a variable from the XSS filter? |
[eluser]EEssam[/eluser]
Hi, I have the global XSS filter enabled and now I'm coding the web-based template editor, so there will be <scri*pt>, etc tags. How can I exclude a variable named $blablabla from being filtered? Please help.
[eluser]gungbao[/eluser]
see also the discussion here - http://ellislab.com/forums/viewthread/83358/ I understand it in that way, that you want to globally set Code: $config['global_xss_filtering'] = TRUE;but only for a particular controller-action, you want to set Code: $config['global_xss_filtering'] = FALSE;http://ellislab.com/codeigniter/user-gui...input.html My first idea is a little hack: make a pre_system hook as described here. http://ellislab.com/codeigniter/user-gui...hooks.html In the hook you parse the request-uri to check for the controller/action you want to disable global xss-filtering - since ci does not provide a nice&simple;access to the choosen controller/action in that state of the script. Once you have done that, you can globalize the $config['global_xss_filtering'] in the hook and switch it off.
[eluser]EEssam[/eluser]
Hi, I tried what you said but it didn't work  My hooks/config.php: $hook['pre_system'] = array( 'class' => '', 'function' => 'myinit', 'filename' => 'init.php', 'filepath' => 'hooks', 'params' => array('beer', 'wine', 'snacks') ); My init.php file: <?php function myinit() { $config['global_xss_filtering'] = FALSE; } ?> I enabled hooks as well from config.php file. It has no effect at all. Please help. |
| Welcome Guest, Not a member yet? Register Sign In |
