Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Support When should I use esc()?
When should I use esc()?
  • Offline castle
    Castle
  • ***
  • Posts: 67
    Threads: 30
    Joined: Mar 2017
    Reputation: 0
#1
02-19-2022, 10:04 AM

Hi,

I need help with where to use esc() function. 

Do I need to use esc() on every single input text field? For example. I have a form that presents the user with two fields. One is a text field and the other is textarea field. The user needs to fill up both fields and submit them. So, where does the esc go? Do I use esc on the input element (view) or at the Controller level?

The documentation didn´t help me. At https://codeigniter4.github.io/CodeIgnit...items.html, the only esc I see is in to escape the title.

Thanks.
Reply
  • Offline kenjis
    Administrator
  • *******
  • Posts: 3,671
    Threads: 96
    Joined: Oct 2014
    Reputation: 231
#2
02-19-2022, 04:48 PM
(This post was last modified: 02-19-2022, 04:52 PM by kenjis.)

You should use esc() when you output any data that may change, such as variables, in your HTML.

But if a function is guaranteed to return proper XSS-free HTML string, there is no need to escape.
ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper
Reply




Theme © iAndrew 2016 - Forum software by © MyBB