Welcome Guest, Not a member yet? Register   Sign In
exclude one field from xss filtering
#1

[eluser]Arun Joshi[/eluser]
Hi,

I have enabled $config['global_xss_filtering'] to TRUE in config file. Now its working fine. But in one form, I dont want this filtering.

How to exclude this field from xss filtering?

-Arun
#2

[eluser]Madmartigan1[/eluser]
I may be wrong about this (I hope I am), but to put it simply:

You can't.

I ran into this recently. Your best bet is to disable it globally.
You might be able to come up with a pre-system hook for this, but that's the only other option I think could possibly work. The filter runs too early in CI execution for you to do anything about it in your controller.

Update - see here:

http://stackoverflow.com/questions/37884...post-basis
#3

[eluser]Arun Joshi[/eluser]
Hi,

Actually I want disable the xss filtering for my html editor field. If I turned it on, the tags are breaking. Is there anyway to resolve this problem?

-Arun
#4

[eluser]michalsn[/eluser]
Maybe something like this:
Code:
$this->config->set_item('global_xss_filtering', FALSE);
Add then set manual xss rules for form fields you want. After form processing you can set global_xss_filtering to TRUE again.
#5

[eluser]Madmartigan1[/eluser]
[quote author="michalsn" date="1293849095"]Maybe something like this:
Code:
$this->config->set_item('global_xss_filtering', FALSE);
Add then set manual xss rules for form fields you want. After form processing you can set global_xss_filtering to TRUE again.[/quote]

The input class has already filtered the data by the time you set the config item, so this will not work. Please read the link I posted, it offers a good solution other than the one I already suggested.




Theme © iAndrew 2016 - Forum software by © MyBB