In case of user submitted text, when outputting to the page, what text filter do you use both in input and output?
As I understand it, using $this->input->post('something',true) will clean XSS content from the input data, so there is no other thing to do to be secure? Something like htmlspecialchars(), strip_tags(), etc.?
Also I would like to know if, for example, htmlspecialchars() is good to use, why does the CI security library not apply htmlspecialchars() by default to the passed string?
Kinda depends on what you’re doing with this input, but most likely you’re going to want to run the string through htmlspecialchars() also.
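To make the distinction in the answer concrete, here is an added example (plain PHP, not CodeIgniter's own code and not the original poster's) showing what "escape at output time" looks like. Input-side filtering such as `$this->input->post('field', true)` rewrites the stored value, while `htmlspecialchars()` encodes the value for the HTML context it is being written into; the sample author and body strings are constructed for the demonstration.

```php
<?php
// Added example: escape user-submitted text at the point of output, for the
// HTML context it is going into. Input-side XSS filtering (e.g. CodeIgniter's
// $this->input->post('field', true)) reduces risk but does not know where the
// string will eventually be rendered, so output escaping is still needed.

declare(strict_types=1);

/** Escape text for placement inside an HTML element body or a quoted attribute. */
function e(string $text): string
{
    // ENT_QUOTES also encodes single quotes, so the result is safe inside
    // single- or double-quoted attributes; ENT_SUBSTITUTE avoids returning an
    // empty string on malformed UTF-8.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Render a user comment as an HTML fragment, escaping every untrusted value. */
function render_comment(string $author, string $body): string
{
    // The same escaped value is safe in an attribute and in element content.
    // nl2br() runs after escaping, so the only tags it introduces are its own <br />.
    return '<div class="comment" data-author="' . e($author) . '">'
         . '<strong>' . e($author) . '</strong>: '
         . nl2br(e($body))
         . '</div>';
}

// Constructed sample input standing in for values read from a submitted form.
$author = 'Mallory" onmouseover="x';
$body   = "Hello <b>world</b> & friends\n<script>alert(1)</script>";

// The quote in $author becomes &quot; and the tags in $body become &lt;...&gt;,
// so the browser renders them as literal text rather than as markup.
echo render_comment($author, $body), PHP_EOL;
```

The point the answer makes is visible here: nothing in `render_comment()` depends on the input having been cleaned first, because escaping is chosen by the output context (HTML body or attribute), not by how the data arrived. Input cleaning and `strip_tags()` change what gets stored; `htmlspecialchars()` leaves the stored text intact and only changes how it is serialized into the page.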