xss_clean() truncating data

#1
Hi,

I have an input value of '<value_range>Test</value_range>'. When I use
$this->oSecurity->xss_clean($value), I get <value>Test</value> as the outcome.

Can somebody please help me here?

#2
xss_clean is supposed to remove invalid data if it deems it not to be secure. What are you doing with the string after you have run it through xss_clean?

#3
(08-27-2020, 12:36 PM)jreklund Wrote: xss_clean is supposed to remove invalid data if it deems it not to be secure. What are you doing with the string after you have run it through xss_clean?
Hi, thanks for the reply,

After applying xss_clean(), I am storing data to database.

#4
XSS protection is only supposed to be done on output (rendering), not on input (saving to the database).
Filtering, on the other hand, should be done on input, checking that you are only accepting numbers etc. from the user.

And on output, you are showing it as is? What are you doing with that <range> field?
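The split jreklund describes (validate on input, store the raw value, escape on output) in plain PHP, as an added example that is not from this thread or from CodeIgniter; the field rule and function names are assumptions for illustration:

```php
<?php
// Added example (not from the thread or CodeIgniter): keep the raw value on input,
// validate its shape, and escape it only at the point where it is rendered into HTML.

// Input stage: validate, don't "clean". Reject values that don't fit the field
// instead of silently rewriting them, which is what surprised the original poster.
function validateValueRange(string $raw): string
{
    // Hypothetical rule for this field: non-empty, at most 255 bytes,
    // no ASCII control characters other than tab/newline/carriage return.
    if ($raw === '' || strlen($raw) > 255
        || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $raw)) {
        throw new InvalidArgumentException('value_range rejected');
    }
    return $raw; // stored exactly as the user entered it, angle brackets included
}

// Output stage: escape for the context the value lands in (HTML text content here).
// htmlspecialchars turns < > & " ' into entities, so any tag-like text in the
// stored value is displayed literally and never parsed as markup by the browser.
function renderValueRange(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<td>{$safe}</td>";
}

// Constructed inputs: the poster's value, and a value carrying active content.
// Both survive storage unchanged; both render as inert text.
$stored = validateValueRange('<value_range>Test</value_range>');
echo renderValueRange($stored), PHP_EOL;

$hostile = validateValueRange('<script>alert(1)</script>');
echo renderValueRange($hostile), PHP_EOL;
```

The same stored string would need a different escaper if it were placed into a JavaScript string or a URL attribute; the escaping is chosen by the output context, not by the input.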

#5
(08-28-2020, 09:12 AM)jreklund Wrote: XSS protection is only supposed to be done on output (rendering), not on input (saving to the database).
Filtering, on the other hand, should be done on input, checking that you are only accepting numbers etc. from the user.

And on output, you are showing it as is? What are you doing with that <range> field?
It is just a simple value for one of the fields.
I want to achieve that whatever I have placed on the UI, like

 '<value_range>Test</value_range>'

should stay the same, but because of xss_clean() my values are getting altered.

#6
Solution: Don't use xss clean on input.
