Reputation: 3277
I want to enable users to edit pages with editor (CKEditor).
The problem is that I want to prevent XSS, so when I'm using:
$this->input->post('content', TRUE)
it also removes some HTML content. For example, the following code:
<script></script><p><span style="color:#800000;">text</span></p>
becomes:
[removed][removed]<p><span
So yes, it prevents XSS, but also removes some necessary html content.
What should I do to fix it?
Upvotes: 1
Views: 4034
Reputation: 21
Try this simple way: change this code $this->input->post('content', TRUE)
into $_POST['content'].
It works for me because CodeIgniter will do XSS filtering when running $this->input.
Upvotes: 0
Reputation: 184
Instead of this you can use the code below.
$content = htmlspecialchars($this->input->post('content'));
Then save it to the database, and at the time of retrieval you can use
htmlspecialchars_decode('your html code');
Upvotes: -1
Reputation: 219814
Don't use their built-in XSS functionality. Use HTML Purifier to do it for you. That way you have more control over what is and isn't removed.
Upvotes: 3
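As an added example (not code from the question or from any of the answers), this is how the HTML Purifier whitelist approach suggested above can be applied to the markup in the question. It assumes HTML Purifier is installed via Composer (package ezyang/htmlpurifier) and that the controller passes the unfiltered `$this->input->post('content')` (without the second `TRUE` argument) into the helper.

```php
<?php
// Added example: sanitise CKEditor output with HTML Purifier instead of
// CodeIgniter's built-in XSS filter. Whitelisting keeps <p> and
// <span style="color:..."> while dropping <script>, event handlers, etc.
// Assumption: HTML Purifier installed via Composer (ezyang/htmlpurifier).
require 'vendor/autoload.php';

function purify_editor_html(string $dirty): string
{
    $config = HTMLPurifier_Config::createDefault();

    // Only these elements and attributes survive; anything else
    // (script, iframe, onclick=, style on other tags, ...) is removed.
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,span[style],a[href]');

    // Restrict inline CSS to the properties the editor actually needs.
    $config->set('CSS.AllowedProperties', 'color,font-weight,font-style');

    // Disable the definition cache so no writable cache directory is needed.
    $config->set('Cache.DefinitionImpl', null);

    $purifier = new HTMLPurifier($config);
    return $purifier->purify($dirty);
}

// Constructed sample input, mirroring the question's markup plus an inline
// event handler, to show what survives and what is stripped.
$dirty = '<script>alert(1)</script>'
       . '<p><span style="color:#800000;" onclick="steal()">text</span></p>';

// In a CodeIgniter controller this would be:
//   $clean = purify_editor_html($this->input->post('content'));
$clean = purify_editor_html($dirty);
echo $clean, PHP_EOL;
```

The script element and the onclick attribute are removed, while the paragraph and the coloured span are kept intact for storage and later display.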