Advice needed - Global XSS filtering
#1

[eluser]EEssam[/eluser]
Hi guys,

I'm coding a shopping cart so obviously the security of the app is at the top of my priorities. I'm thinking about enabling:

$config['global_xss_filtering'] = FALSE;

But why is the documentation insisting on not enabling this option:

"CodeIgniter comes with a Cross Site Scripting Hack prevention filter which can either run automatically to filter all POST and COOKIE data that is encountered, or you can run it on a per item basis. By default it does not run globally since it requires a bit of processing overhead, and since you may not need it in all cases."

"Note: This function should only be used to deal with data upon submission. It's not something that should be used for general runtime processing since it requires a fair amount of processing overhead."

http://ellislab.com/codeigniter/user-gui...input.html

I mean what's wrong in having it enabled? It should not consume resources unless a form is really submitted. Am I wrong?

Please advise.
#2

[eluser]Popcorn[/eluser]
I have it enabled by default and don't suffer long loading times. "0.02" is the average.

Finish your application, then benchmark the configuration value in both the off and on states and see if it has a big impact.
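To act on Popcorn's benchmarking suggestion, here is an added example (not from the thread or from CodeIgniter itself) of a CodeIgniter 1.x controller that times xss_clean over a constructed sample of form data and shows the per-item alternative the docs describe. It assumes the CI 1.x Input and Benchmark class methods ($this->input->xss_clean(), $this->input->post($key, TRUE), $this->benchmark->mark()/elapsed_time()); the sample payload, iteration count and class name are constructed.

```php
<?php
// Added example: measure the cost of CodeIgniter's XSS filter and compare
// global vs. per-item filtering. Assumes CodeIgniter 1.x APIs.
class Xsstest extends Controller
{
    function index()
    {
        // Constructed sample of what a cart form might POST; the 'note'
        // value carries a classic script tag so we can watch the filter act.
        $sample = array(
            'qty'  => '2',
            'sku'  => 'ABC-123',
            'note' => 'Gift wrap please <script>alert(1)</script>',
        );

        // 1) Time the filter directly: run it over the whole sample many
        //    times so the number is large enough to read.
        $iterations = 1000;
        $this->benchmark->mark('xss_start');
        for ($i = 0; $i < $iterations; $i++) {
            foreach ($sample as $value) {
                $this->input->xss_clean($value);
            }
        }
        $this->benchmark->mark('xss_end');
        $total = $this->benchmark->elapsed_time('xss_start', 'xss_end');
        echo 'xss_clean over ' . count($sample) . ' fields x ' . $iterations
           . ' iterations: ' . $total . ' s ('
           . round($total / $iterations * 1000, 3) . ' ms per request)<br />';

        // 2) Per-item alternative to global_xss_filtering = TRUE: pass TRUE
        //    as the second argument only for the fields you want cleaned.
        //    (Only meaningful when the request actually came in via POST;
        //    post() returns FALSE for a missing field, hence the cast.)
        $note = $this->input->post('note', TRUE);

        // 3) Show what the filter does to the sample value. xss_clean
        //    rewrites input on submission; it does not replace escaping
        //    with htmlspecialchars() when you echo user data into HTML.
        echo htmlspecialchars($this->input->xss_clean($sample['note'])) . '<br />';
        echo 'post(note, TRUE): ' . htmlspecialchars((string) $note);
    }
}
```

Run it with $config['global_xss_filtering'] set to FALSE so the timing counts only the explicit xss_clean() calls, then flip it to TRUE and compare the page's total execution time.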
#3

[eluser]Derek Allard[/eluser]
I agree. In most instances, global xss filtering is fine.
#4

[eluser]EEssam[/eluser]
I feel better now :)

Thanks.