stackoom
  简体   繁体   中英

XSS Filtering won't disable on post codeigniter

 原文  2012-08-20 19:44:38       php/ codeigniter/ xss

Question

I'm in the process of developing a basic WYSIWYG for my site and I've used this line to turn XSS filtering off 

$this->input->post(NULL, FALSE);

I have also tried 

$this->input->post();

as I understand it, this should give me all postdata and not filter it, however, it appears to still be removing my <script> tags. Disregarding security concerns for now (I'll handle those still) how can I guarantee that my scripts are not removed without disabling XSS for my entire site?

PS I have also verified that $config['global_xss_filtering'] is set to false.

1 answers

solution1
 0 ACCPTED  2012-08-20 20:05:50

Per the CI documentation, if you're looking to pull the whole post array without XSS, you should replace $this->input->post(NULL, FALSE); with $this->input->post();

See http://codeigniter.com/user_guide/libraries/input.html

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question CodeIgniter: Use get_post with XSS filtering on entire $_POST array XSS filtering on CodeIgniter form Codeigniter session xss filtering XSS Filtering in codeigniter does XSS filtering in codeigniter doesn't prevent SQL injections? Codeigniter xss filtering and url link Codeigniter - global XSS filtering TRUE Codeigniter forms won't post xss filtering not removing single quotes in codeigniter how can xss filtering in codeigniter 3 still usefull?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM