• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
What exactly does xss_clean filter?

If I should have javascript in a textarea which I submit looking like this:


Alert('Oh NO!');


What of this would be removed? I mean, if I filter blog entries does it remove potential javascripts which are of no threat and what about object-elements?

Ok I guess that the script tag got removed. But then I have a problem. I have set a rule for form validation like this:

but later when I try to get it with:

I still get the script tag in the database. What use is there to have xss_clean in a rule if I must set the second parameter in the method post to TRUE anyway?
$this->input->post('input', TRUE);

Ok, nevermind it, I just had a bug in my code, it does get clean by setting the rule Smile

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.