[SOLVED]xss not stripping script on ajax requests |
[eluser]bobbob[/eluser]
When ajax sends script tag it gets url encoded. I can't put it in here as it gets removed which is great but somehow when I run form_validation on it with xss it still gets through as a script tag to the db. Receiving controller code that validates the list name: Code: public function create_new_list() emails are validated in the model. I am concerned with $_POST['name'] Did I misunderstand the validation class?
[eluser]CroNiX[/eluser]
It's probably because there isn't a validation rule/prepping function called "xss". It's called "xss_clean".
|
Welcome Guest, Not a member yet? Register Sign In |