XSS_clean question

[eluser]Matalina[/eluser]
I currently have xss_clean globally enabled. But I want to turn it off for one or two fields in my forms. I've looked through the Input Class but not sure which happens first.

If I call

Code:

$this->input->post('name',FALSE);

Will it not use xss_clean even tho it's globally enabled?

[eluser]mikedfunk[/eluser]
From what I understand this is a flaw (IMHO) in the xss clean system. It's either all on or you have to do them one-by-one.

[eluser]CroNiX[/eluser]
I usually have global off and just set xss_clean in the validation rules where they're needed. Then if you're accessing post() or set_value() or whatever it will be clean if it passes validation and you don't need to keep doing it.

[eluser]Matalina[/eluser]
so basically it's all or nothing.... fun good thing this is an app that's just starting and not in the middle or end when a feature is added lol.

[eluser]weboap[/eluser]
can you try
http://stackoverflow.com/questions/37884...post-basis

[eluser]Matalina[/eluser]
Okay and why would that work over setting the value to FALSE?

I thought that you overwrote anything that was placed into the variable if it was passed.

I really don't see how rewriting that works. The input constructor is what cleans data when XSS_clean is set globally. So data is already cleaned by the time the post method is called which is why it can't be unset. So I don't think that method should work at all either. It's really no different than setting the value to false.