stackoom
  简体   繁体   中英

xss_clean(set_value('field_name')) or set_value('field_name') is safe enough?

 原文  2015-04-22 17:05:13       php/ codeigniter/ codeigniter-3

Question

As CodeIgniter3's documentation says ,

A largely unknown rule about XSS cleaning is that it should only be applied to output, as opposed to input data.

Should I always use xss_clean() before outputting user's data? Or set_value does that for me?

1 answers

solution1
 2  2015-05-12 19:17:20

Yes, set_value() does apply XSS-sanitizing by default.

However, be careful when using it together with other form helper functions, because they do that as well, and you don't want double-escaping. As explained in the manual , you can turn escaping off by passing (boolean) FALSE as the third parameter for set_value() .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question set_value for select field option in codeigniter Codeigniter set_value set_value() Does Not Maintain the Field's Value set_value not working How to avoid double-escaping and keep safe from xss using the set_value fonction in codeigniter set_value() default in CodeIgniter Codeigniter set_value not working The CodeIgniter set_value() not working? Codeigniter set_value Limitation Invalid processed submission: expecting value for field 'field_name' to be of type string, null given
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM