I'm in the process of developing a basic WYSIWYG for my site and I've used this line to turn XSS filtering off
$this->input->post(NULL, FALSE);
I have also tried
$this->input->post();
as I understand it, this should give me all postdata and not filter it, however, it appears to still be removing my <script>
tags. Disregarding security concerns for now (I'll handle those still) how can I guarantee that my scripts are not removed without disabling XSS for my entire site?
PS I have also verified that $config['global_xss_filtering']
is set to false.
Per the CI documentation, if you're looking to pull the whole post array without XSS, you should replace $this->input->post(NULL, FALSE);
with $this->input->post();
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.