Problem using xss_clean()
#1

[eluser]stormlead[/eluser]
Hi all!
I want to use a form validation in which I just want to check for possible cross-site scripting in the field, for which I am using the function below.
Code:
function username_check($name)
{
    if ($name == '')
    {
        $this->form_validation->set_message('username_check', 'The field can not be blank');
        return FALSE;
    }
    elseif ($this->input->xss_clean($name, TRUE) === FALSE)
    {
        // file failed the XSS test
        $this->form_validation->set_message('username_check', 'The field can not be blank');
        return FALSE;
    }
    else
    {
        return TRUE;
    }
}
But the field is getting cleaned and I am getting output as

[removed]alert('in');[removed]

I just want to display an error message and not process the field any further.
Please help me out to solve this ....
#2

[eluser]Thorpe Obazee[/eluser]
You can always extend the Input class and modify the xss_clean() function. Or you can just not return the field's value if the Form Validation class returns an error.
#3

[eluser]stormlead[/eluser]
Hi!
I just want to check and not replace. Is there any fast and easy way or built-in function to do the same?
#4

[eluser]Thorpe Obazee[/eluser]
I don't believe there is. xss_clean returns a 'clean' string, not a boolean value.
#5

[eluser]stormlead[/eluser]
OK, one more: what if I use alpha_numeric for checking the username?
It works, but is there any possibility of missing out something?
#6

[eluser]bigtony[/eluser]
Why not specify both alpha_numeric and xss_clean in your set_rules() for the field? Or even set the config file to automatically perform xss_clean on all input.
#7

[eluser]stormlead[/eluser]
Yeah, thanks for the reply. I used only alpha_numeric now to check the username.
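The "check, don't replace" behaviour asked for in this thread, as an added example that is not part of any post above and is not CodeIgniter's own code: an allow-list check in the spirit of the alpha_numeric rule that rejects the value instead of cleaning it, combined with escaping whenever a value is echoed back. It is plain PHP so it runs without the framework; the function names, the 32-character limit and the sample inputs are assumptions made for the illustration.

```php
<?php
/**
 * Check-only username validation (hypothetical helper).
 * Returns an error message, or null when the value is acceptable.
 * The input is never modified: it is accepted as-is or rejected.
 */
function username_error($name)
{
    if (!is_string($name) || $name === '') {
        return 'The username field can not be blank';
    }
    if (strlen($name) > 32) { // constructed limit, adjust to your schema
        return 'The username is too long';
    }
    // Allow-list: ASCII letters and digits only. \A and \z anchor the whole
    // string, so a trailing newline is rejected as well.
    if (!preg_match('/\A[a-z0-9]+\z/i', $name)) {
        return 'The username may only contain letters and digits';
    }
    return null;
}

/** Escape a value for HTML output; validation does not replace this step. */
function e($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs, including the script payload from the first post.
$samples = array(
    'stormlead',
    '',
    "<script>alert('in');</script>",
    "admin\n",
    'bob smith',
);

foreach ($samples as $input) {
    $error = username_error($input);
    if ($error !== null) {
        // Show the message and stop processing the field. The rejected
        // value is only ever echoed in escaped form.
        printf("REJECT %s : %s\n", e(json_encode($input)), $error);
    } else {
        printf("ACCEPT %s\n", e($input));
    }
}
```

In a CodeIgniter callback the same checks would call `set_message()` and return FALSE instead of returning the message string.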



