Codeigniter storing html in database not working

Question

I am working on a CMS with codeigniter. Users are supposed to know HTML and construct the page themselves. Now, I am having problems with storing some tags in the database (mysql database).

Users can upload images to the server and then use the path of the image in the code. The code is edited in a . When I try to update the code of a certain page to:

<img src="assets/fileserver/versje2.jpg"  alt="" />

everything works. But when I apply inline style to it

<img style="width: 200px;" src="assets/fileserver/versje2.jpg"  alt="" />

it won't work. It simply ignores the style and the following is stored in the database:

  <img src="assets/fileserver/versje2.jpg"  alt="" />

it simply removes the style. How is this possible?

I have tried:
-htmlspecialchars
-htmlentities

$config['global_xss_filtering'] = FALSE;
$config['global_xss_filtering'] = TRUE;

Any suggestions on what the problem could be?

Answer 1

This worked for me. (Codeigniter 3)

Keep this TRUE:

$config['global_xss_filtering'] = TRUE;

You can FALSE xss filter separatedly.

$this->input->post('input_filed_name', TRUE); // with XSS filter

$this->input->post('input_filed_name', FALSE); // without XSS filter

ex:

$this->input->post('description', FALSE); // without XSS filter

Answer 2

Maybe you need to save it with htmlspecialchars($saveToDB) function,
edit in input such like that: <input name="someHtmlCode" value="<?=$saveToDB;?>" />
and than echo with htmlspecialchars_decode function in your html file on site:
$html = htmlspecialchars_decode($dataFromDB)

Answer 3

Seems like I found it already! First, I had

 $config['global_xss_filtering'] = TRUE;

Then, I set it to

$config['global_xss_filtering'] = FALSE;

But I still had XSS|clean on the form validation!

$this->form_validation->set_rules('inhoud', 'inhoud', 'xss|clean');

That is why it didn't work, now, the style is written to the database just fine!