A security question about xss_clean
[eluser]Zorancho[/eluser]
Hi to all. I have one security question about the xss_clean function in CI. I know that if the global XSS filter is set to TRUE in the config file, it will automatically clean all $_GET, $_POST and $_COOKIE data, but what about when I want to have safe output? I am using this function in my helper and I have global XSS filtering turned to TRUE in the config. Code: function safe_output($value)
[eluser]Skuja[/eluser]
If your input has been safe, why do you think that the output won't be? If you do not want to break any HTML structure, just use htmlspecialchars() on output.
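
The htmlspecialchars() suggestion above, written out as an output-time helper. This is an added example, not code from either poster; the function name escape_for_html() and the sample row are assumptions made for illustration.

```php
<?php
// Added example: escape at output time with htmlspecialchars().
// escape_for_html() is a hypothetical name, not the helper from the post.

/**
 * Escape a string, or every string inside a nested array, for use in
 * HTML element text or a quoted attribute value.
 */
function escape_for_html($value, $charset = 'UTF-8')
{
    if (is_array($value)) {
        $out = array();
        foreach ($value as $key => $item) {
            $out[$key] = escape_for_html($item, $charset);
        }
        return $out;
    }

    // Numbers, booleans and null carry no markup; return them unchanged.
    if ($value === null || is_bool($value) || is_int($value) || is_float($value)) {
        return $value;
    }

    // ENT_QUOTES escapes both " and ', so the result is also safe inside
    // quoted attributes. ENT_SUBSTITUTE replaces invalid byte sequences
    // instead of returning an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
}

// Constructed sample data standing in for a database row.
$row = array(
    'name' => 'Tom & "Jerry"',
    'bio'  => '<b>hello</b> it\'s me',
    'age'  => 30,
);

$safe = escape_for_html($row);

// Element text context.
echo '<p>' . $safe['bio'] . "</p>\n";

// Quoted attribute context.
echo '<input type="text" name="name" value="' . $safe['name'] . "\">\n";
```

htmlspecialchars() covers HTML element text and quoted attribute values only; values written into JavaScript, CSS or URLs need the encoding for that context.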