How to use global_xss_filter ???

#1
[eluser]Buso[/eluser]
I have it set to TRUE but it doesn't seem to do anything

How does it work??


I want it to prevent users from injecting html tags like <javascript> some hacks </javascript>, or anything of the sort.


I am sending a form with a message with some html tags, the controller makes the validation (without the xss_clean option, since I wanna test the global_xss_filter option), then it is saved in the DB with active record. First I was using this:

Code:
public function postComment() {
  $this->db->insert('comments',$_POST);
}

then I tried this:

Code:
public function postComment() {
  $comment = array(
    'date'     => time(),
    'username' => $this->input->post('username'),
    'title'    => $this->input->post('title'),
    'email'    => $this->input->post('email'),
    'body'     => $this->input->post('body')
  );
  $this->db->insert('comments', $comment);
}

But the xss global filter still doesn't work.

What should I do?

#2
[eluser]Thorpe Obazee[/eluser]
What happens when you use
Code:
$this->input->xss_clean()
?

#3
[eluser]iFadey[/eluser]
This is what he's saying. He doesn't want to use

Code:
$this->input->xss_clean();

He wants to use global xss filter which can be enabled from config.php file. So the problem is his global xss filter is not working.

#4
[eluser]überfuzz[/eluser]
Not that I wanna treat you like a noob, but have you updated the config file on your server?

#5
[eluser]Buso[/eluser]
[quote author="überfuzz" date="1257432061"]Not that I wanna treat you like a noob, but have you updated the config file on your server?[/quote]
No problem.

Yes.. I'm trying to make it work in my test server (here in my own PC), so no need to update anything.

Edit: now I noticed that xss_clean(), and the local xss_clean option aren't working either, what should I do? Something is messed up =SSSS

#6
[eluser]bigtony[/eluser]
I've always found the global filter works for me (it replaces naughty html tags with [removed]).
What happens for you?

#7
[eluser]Thorpe Obazee[/eluser]
[quote author="iFadey" date="1257431813"]This is what he's saying. He doesn't want to use

Code:
$this->input->xss_clean();

He wants to use global xss filter which can be enabled from config.php file. So the problem is his global xss filter is not working.[/quote]

I never said that he should stick with it. I wanted to know if it worked. Or wasn't that clear when I asked, "what happens when you use $this->input->xss_clean()"?

#8
[eluser]iFadey[/eluser]
Oops! I am sorry :red:

#9
[eluser]Buso[/eluser]
This is killing me, I can't get any of the xss filtering options to work.
Any ideas??

This is how I configure the rules in the form_validation.php file:

'rules' => 'required|max_length[1000]|xss_clean'

The 'required' rule is working, so what's wrong with the clean?

>_>

#10
[eluser]überfuzz[/eluser]
Are you sure that form_validation handles xss cleaning..? Read the user_guide.

