Safe way to get rid of "[removed]" and global xss_clean

#1
[eluser]Mareshal[/eluser]
I was surprised, in a good way, when I saw the xss_clean function in CodeIgniter. But when I submit POST data from a form, I get a lot of "[removed]" tags due to malicious code.

Is it safer to use xss_clean globally enabled or xss_clean($_POST)?

After xss_clean how can I get rid of [removed] tags?
Code:
str_replace("[removed]", "", $_POST)
Would this code be a safe way?

#2
[eluser]Mareshal[/eluser]
Does CodeIgniter have other replacement tags than [removed]?

#3
[eluser]Thorpe Obazee[/eluser]
[quote author="Mareshal" date="1245453619"]
Is it safer to use xss_clean globally enabled or xss_clean($_POST)?[/quote]

Probably safer to use global, as you don't need to remember every time (you might forget). Anyway, they're basically the same thing.

[quote author="Mareshal" date="1245453619"]
After xss_clean how can I get rid of [removed] tags?
Code:
str_replace("[removed]", "", $_POST)
Would this code be a safe way?[/quote]
You can always modify it if you want.

#4
[eluser]Mareshal[/eluser]
Where to modify that?

#5
[eluser]Thorpe Obazee[/eluser]
Extend the Input Library or just use HTML Purifier as an alternative.
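
The HTML Purifier alternative mentioned in the last reply, as an added example that is not part of the thread or of CodeIgniter's own code: plain-text fields are escaped on output and rich-text fields pass through an allowlist, so no "[removed]" markers are produced and nothing has to be stripped afterwards. It assumes HTML Purifier was installed with Composer (`ezyang/htmlpurifier`) and that `$config['global_xss_filtering']` is `FALSE`; the helper names `e()` and `purify_html()` and the sample data are made up for the illustration.

```php
<?php
// Added example, not from the thread.
// Assumption: HTML Purifier installed via Composer (ezyang/htmlpurifier);
// $config['global_xss_filtering'] = FALSE so input arrives unmodified.
require_once __DIR__ . '/vendor/autoload.php';

/** Plain-text fields: store as submitted, escape at the point of output. */
function e($text)
{
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

/** Rich-text fields: keep only an explicit allowlist of tags and attributes. */
function purify_html($dirty)
{
    static $purifier = null;
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        // Everything not listed here is dropped, not replaced by a marker.
        $config->set('HTML.Allowed', 'p,br,b,i,em,strong,ul,ol,li,a[href]');
        // Links may only use these URL schemes.
        $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true));
        // Disable the definition cache so the demo needs no writable directory.
        $config->set('Cache.DefinitionImpl', null);
        $purifier = new HTMLPurifier($config);
    }
    return $purifier->purify((string) $dirty);
}

// Constructed sample POST data (hypothetical field names).
$post = array(
    'title' => 'Tom & Jerry <3 "quotes"',
    'body'  => '<p>Hello <b>world</b></p><script>alert(1)</script>'
             . '<a href="javascript:alert(1)" onclick="x()">link</a>',
);

// Title is treated as text: every special character is entity-encoded.
echo '<h1>' . e($post['title']) . "</h1>\n";

// Body is treated as HTML: disallowed tags, attributes and URL schemes
// are removed by the purifier before the markup is printed.
echo purify_html($post['body']) . "\n";
```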

