Is it okay to "re" xss-clear data in CodeIgniter?

The following are ways to clear XSS data in CodeIgniter:

  • set global_xss_filtering in config to TRUE
  • use xss_clean()
  • use xss_clean as a rule check
  • set the second parameter to TRUE in $this->input->post('something', TRUE)

Is it possible to use all or more than one of them on one piece of data?

For example, would it be nice if I still used $this->input->post('something', TRUE), even if the data had already been cleared using global_xss_filtering and xss_clean validation rules?

+5
3 answers

It will not hurt you, but it is definitely pointless.

, , XSS . , $_REQUEST , . , , HTML, .

. , , , <script>, [removed], . , , "XSS" ? .

XSS, : HTML, javascript.

+8

. , "A". , , xss_clean, XSS- :

B = xss_clean(A)

, , , C:

C = css_clean(B)

, B C , , B xss- . , xss_clean , A . , , xss- , .

, , - , xss- ? , , , , ( , , , ).

, , - , - ( , , - ), .

, , codeigniters xss clean HTML . < > &lt; &gt;. , , , .

+4

xss_clean , . , . . . , , , . , a = b, xss_clean.

, xss_clean, . , , . , , , , xss_clean. , , , , , , . , xss_clean , , . - , , , , . xss_clean , .

xss_clean ( htmlentities ..), , , , (- , ). , xss_clean .

, , - , . , , , , , , . - , . . , , . , addslashes, , . , HTML, , . , , , , . . , , -. . , , , , . . , , , , .

xss_clean magic_quotes: http://en.wikipedia.org/wiki/Magic_quotes

: , . , (, ), . . xss_clean. , . , $published_data !== xss_clean($published_data), .

0
