strike_noir

Reputation: 4174

CodeIgniter 2.2.1 XSS filter removes tab character from post variable

I have upgraded my CodeIgniter from 2.1.4 to 2.2.1. In this new version I noticed that the variables that are sent to the controller are being filtered even if I set the XSS filter setting to false.

$config['global_xss_filtering'] = FALSE;

This filtering unfortunately removes the tab character '\t' from the variable. So if I send some strings with tabs, the tabs will be replaced by a space character.

Because I'm sending tabular data (jqgrid) in one string, and I'm differentiating each row with a tab (and differentiating each column with a pipe character), the controller can no longer recognize the rows (the pipe character was not removed, btw).

How can I disable this filtering? Or how can I keep the tabs from being removed?

Upvotes: 1

Views: 458

Answers (1)

Alexander R.

Reputation: 1756

Simple solution: comment out line 320 in system\core\Security.php:

$str = str_replace("\t", ' ', $str);

Upvotes: 2
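
Added example, not part of the question or the answer and not CodeIgniter code: a stand-alone PHP sketch of the row/column format from the question, showing how the tab replacement merges rows and how a base64-wrapped payload passes through that replacement unchanged, so system\core\Security.php can stay as shipped. The function names and sample data are constructed for illustration, and only the single `str_replace` line quoted in the answer is modelled, not the rest of the filter.

```php
<?php
// Models only the replacement quoted in the answer (tab -> space).
function tab_to_space_filter($str)
{
    return str_replace("\t", ' ', $str);
}

// Format from the question: rows separated by tab, columns by pipe.
// Rejects rows with an unexpected column count so a mangled payload is detected.
function parse_grid($payload, $expected_cols)
{
    $rows = array();
    foreach (explode("\t", $payload) as $i => $row) {
        $cols = explode('|', $row);
        if (count($cols) !== $expected_cols) {
            throw new UnexpectedValueException(
                "row $i has " . count($cols) . " columns, expected $expected_cols");
        }
        $rows[] = $cols;
    }
    return $rows;
}

// Controller side: strict decode, so anything that is not valid base64 is refused.
function decode_grid($encoded)
{
    $raw = base64_decode($encoded, true);
    if ($raw === false) {
        throw new InvalidArgumentException('grid payload is not valid base64');
    }
    return $raw;
}

// Constructed sample: 2 rows, 3 columns, with a space inside a cell.
$payload = "1|Alice Smith|10\t2|Bob Jones|20";

// Plain transport: the row boundary becomes a space and the two rows merge.
try {
    parse_grid(tab_to_space_filter($payload), 3);
} catch (UnexpectedValueException $e) {
    echo "plain transport rejected: ", $e->getMessage(), "\n";
}

// Encoded transport: base64 output contains no tab, so the replacement is a no-op.
$wire = tab_to_space_filter(base64_encode($payload)); // client would do the encoding
$rows = parse_grid(decode_grid($wire), 3);
echo "encoded transport: ", count($rows), " rows of ", count($rows[0]), " columns\n";
```

The decoded cells are still untrusted input and need the same output escaping as any other POST value.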
