A simple XSS filter question.
#1

[eluser]basementDUDE[/eluser]
Just wondering, do the following functions have the same functionality?

so, if I use this function
Code:
$this->input->post('comments', TRUE);

then I don't need to do this anymore, am I correct?

Code:
$this->form_validation->set_rules('comments', 'comments', 'xss_clean');
#2

[eluser]WanWizard[/eluser]
Correct.

Or if you enable XSS cleaning in the config, it happens automatically, you don't have to do it anywhere.
#3

[eluser]Wuushu[/eluser]
Do you want people to be able to output HTML-tags in their comments.. like..

"<div>hello.... " and possibly break your design, then yes above is sufficient!
#4

[eluser]WanWizard[/eluser]
True, it depends on your application.
#5

[eluser]victorche[/eluser]
Please, explain it a little bit more... I will have an input and I want it to be just plain text. So if somebody is typing <div>, it should be displayed as plain text (just like here, in the forum).
#6

[eluser]basementDUDE[/eluser]
[quote author="victorche" date="1282404143"]Please, explain it a little bit more... I will have an input and I want it to be just plain text. So if somebody is typing <div>, it should be displayed as plain text (just like here, in the forum).[/quote]

This is what I did.
Code:
$comments = nl2br(strip_tags($comments));
#7

[eluser]victorche[/eluser]
But this is not connected with ...
Code:
$this->input->post('comments', TRUE);
or with "xss_clean" at all...

@basementDUDE, your code is pure PHP... And this is something I am aware of. I was just asking how to achieve the same, using CI functionality...
#8

[eluser]basementDUDE[/eluser]
This is what I use to get plain text from comments,
Code:
$comments = $this->input->post('comments', TRUE);

$comments = nl2br(strip_tags($comments));

If you want to use a CI function instead, I think htmlspecialchars will allow users to use HTML tags such as <div>, but that is also a native PHP function.

Code:
$this->form_validation->set_rules('comments', 'comments', 'xss_clean|htmlspecialchars');



[quote author="victorche" date="1282481038"]But this is not connected with ...
Code:
$this->input->post('comments', TRUE);
or with "xss_clean" at all...

@basementDUDE, your code is pure PHP... And this is something I am aware of. I was just asking how to achieve the same, using CI functionality...[/quote]
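
Added example, not written by any poster in this thread: a side-by-side of the two approaches discussed above for the "display `<div>` as plain text" requirement, using only native PHP functions. The function names and the sample comments are constructed for this illustration.

```php
<?php
// Added example; the sample comments below are constructed for illustration.

/**
 * Render a stored comment as plain text inside an HTML page.
 * Markup typed by the user is shown literally instead of being interpreted.
 */
function render_comment_escaped(string $raw): string
{
    // Encode first, then add <br>, so the only live tags are the ones we add.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($safe, false);
}

/**
 * The strip_tags() variant posted in the thread, for comparison.
 * Tags are deleted rather than displayed, text that merely looks like a
 * tag is deleted with them, and quotes are left unencoded.
 */
function render_comment_stripped(string $raw): string
{
    return nl2br(strip_tags($raw), false);
}

// Constructed inputs covering the cases raised in the thread.
$samples = [
    'tag typed as text'  => "<div>hello</div>\nsecond line",
    'script element'     => '<script>alert(1)</script>',
    'math, not markup'   => 'use x <y when y> 0',
    'quotes in the text' => 'she said "hi" & left',
];

foreach ($samples as $label => $raw) {
    printf(
        "%s\n  escaped : %s\n  stripped: %s\n\n",
        $label,
        render_comment_escaped($raw),
        render_comment_stripped($raw)
    );
}
```

Because the encoding is applied at output time, the comment can be stored exactly as typed and encoded for whichever context it is later printed into.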