[英]Codeigniter session xss filtering
does it makes any sense to check if user's session item is xss clean? 检查用户的会话项目是否为xss clean有意义吗?
Something like this: 像这样:
$item = $this->security->xss_clean($this->session->item);
Is there any possibility that session can contain any harmful code? 会话是否可能包含任何有害代码?
Short answer: Yes . 简短的回答: 是的 。
If $this->session->item
is populated by a malicious user (eg some input textbox
or fake $_POST
data ) then it is vulnerable to harmful code. 如果
$this->session->item
由恶意用户(例如某些input textbox
或伪造的$_POST
数据) $_POST
则该代码很容易受到有害代码的攻击。
Even if this session
variable is really stored in your session, it could be inserted in a database, for example. 即使此
session
变量确实存储在您的会话中,例如也可以将其插入数据库中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.