What exactly does xss_clean filter?

#1
gunnarflax
If I should have javascript in a textarea which I submit looking like this:

Code:
[removed]

Alert('Oh NO!');

[removed]

What of this would be removed? I mean, if I filter blog entries does it remove potential javascripts which are of no threat and what about object-elements?

#2
gunnarflax
Ok I guess that the script tag got removed. But then I have a problem. I have set a rule for form validation like this:
Code:
'required|xss_clean'

but later when I try to get it with:
Code:
$this->input->post('input');

I still get the script tag in the database. What use is there to have xss_clean in a rule if I must set the second parameter in the method post to TRUE anyway?
Code:
$this->input->post('input', TRUE);

#3
gunnarflax
Ok, never mind, I just had a bug in my code; it does get cleaned by setting the rule :)

