Welcome Guest, Not a member yet? Register   Sign In
A doubt about Xss filter
#1

[eluser]satie[/eluser]
If i set xss filtering:

Code:
$config['global_xss_filtering'] = TRUE;

Coud I avoid this?
Code:
if ($this->security->xss_clean($file, TRUE) ===FALSE){
...
}

or this?

Code:
$this->security->xss_clean($file, TRUE) === FALSE

or
Code:
$filename = $this->security->sanitize_filename($this->input->post('filename'));
#2

[eluser]jairoh_[/eluser]
it's what the user guide says. then yes.
#3

[eluser]Alucemet[/eluser]
You really do not want to enable global xss filtering. There are many times when your input variables will better validated was integer or something that is less expensive than xss_clean();

If you have a low traffic site then it's probably not that bad, and in that case go for it.
#4

[eluser]satie[/eluser]
Ok, thanks jairoh_ and Alucemet.

Yes, I'm developing a site that should have high traffic. So, i prefer to use as much as possible all CI security libraries with my own.
Thanks for your answer.




Theme © iAndrew 2016 - Forum software by © MyBB