xss flashdata class

#1
Hi All,

If I need to sanitize the piece of code below in CI (v3.1.10)

<?php echo $this->session->flashdata('error'); ?>

How do I do it?

And one more thing: xss_clean is completely deprecated in CI (v3.1.10), so we cannot use it?
Reply

#2
You should use html_escape() or xss_clean() when you print strings that are not XSS safe. Personally I use html_escape() as I don't want anything to have the slightest chance of slipping through.

PHP Code:
<?php echo html_escape($this->session->flashdata('error')); ?>

It's deprecated from input validation, as you should filter your data. Do you only want numbers? Check that it's not a letter etc.
Reply

#3
(05-03-2020, 02:08 AM)jreklund Wrote: You should use html_escape() or xss_clean() when you print strings that are not XSS safe. Personally I use html_escape() as I don't want anything to have the slightest chance of slipping through.

PHP Code:
<?php echo html_escape($this->session->flashdata('error')); ?>

It's deprecated from input validation, as you should filter your data. Do you only want numbers? Check that it's not a letter etc.

Thanks for your quick help and response!!
Reply
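
The two pieces of advice in reply #2 (validate the input, escape the flashdata on output), as an added example that is not part of the original thread. It runs without the framework: html_escape_demo() is a stand-in assumed to behave like CodeIgniter 3's html_escape() with a UTF-8 charset, and is_valid_order_id(), render_error() and the sample inputs are hypothetical.

```php
<?php
// Stand-in for CodeIgniter 3's html_escape() so this file runs on its own.
// Assumption: UTF-8 charset (the real helper reads the charset from config).
function html_escape_demo($var, $double_encode = true)
{
    if (empty($var)) {
        return $var; // flashdata() returns NULL when the key was never set
    }
    if (is_array($var)) {
        foreach ($var as $key => $value) {
            $var[$key] = html_escape_demo($value, $double_encode);
        }
        return $var;
    }
    // ENT_QUOTES also encodes ' and ", which matters inside HTML attributes
    return htmlspecialchars($var, ENT_QUOTES, 'UTF-8', $double_encode);
}

// Hypothetical input check: "Do you only want numbers?" -> accept digits only.
function is_valid_order_id($value)
{
    return is_string($value) && ctype_digit($value);
}

// Hypothetical view fragment: what the template would echo for the flash message.
function render_error($flash)
{
    return '<div class="error">' . html_escape_demo($flash) . '</div>';
}

// Constructed sample inputs: one valid value and two carrying markup.
$submitted = ['42', '<script>alert(1)</script>', '" onmouseover="x'];

foreach ($submitted as $order_id) {
    // Controller side: in CI this string would go through
    // $this->session->set_flashdata('error', ...) and be read on the next request.
    $flash = is_valid_order_id($order_id)
        ? null
        : 'Invalid order id: ' . $order_id;

    // View side: the rejected input is echoed back inside the message,
    // so it must be escaped at output even though validation refused it.
    echo render_error($flash), "\n";
}
```

The two rejected values come out as entity-encoded text inside the div, so the browser displays them instead of parsing them as markup.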

