Bugfixer

Reputation: 2617

Prevent HTML Injection in Codeigniter Input class

As we all know, $this->input->post('$myvariable',TRUE) is XSS filtered. But is there any way I can prevent HTML injection in the same? I read a few articles, but none of them gives a clear idea of where to start. Any help?

Upvotes: 0

Views: 3162

Answers (1)

Abdulla Nilam

Reputation: 38584

$this->input->post('variable',TRUE);

When you add TRUE, it will filter all your injections (SQL, XSS).
Also set $config['global_xss_filtering'] = TRUE; in application/config

Info: The Input class has the ability to filter input automatically to prevent cross-site scripting attacks.


And you can use

html_escape()

Info: This function provides a shortcut for the htmlspecialchars() function. It accepts strings and arrays. It is very useful for preventing Cross Site Scripting (XSS).

and this

remove_invisible_characters()

Info: This function prevents inserting null characters between ASCII characters, like Java\0script.

Upvotes: 1
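
An added example, not part of the answer above and not CodeIgniter's own code: submitted markup made inert at output time with the html_escape() and remove_invisible_characters() helpers the answer names. The two fallback definitions are stand-ins so the script also runs outside the framework; render_safe() and the sample data are hypothetical.

```php
<?php
if (!function_exists('remove_invisible_characters')) {
    // Stand-in: drop control characters except tab, LF and CR.
    function remove_invisible_characters($str)
    {
        return preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/', '', $str);
    }
}

if (!function_exists('html_escape')) {
    // Stand-in: htmlspecialchars() over a string or, recursively, an array.
    function html_escape($var)
    {
        if (is_array($var)) {
            return array_map('html_escape', $var);
        }
        return htmlspecialchars((string) $var, ENT_QUOTES, 'UTF-8');
    }
}

// Hypothetical helper: strip invisible characters, then escape for HTML output.
function render_safe($value)
{
    if (is_array($value)) {
        return array_map('render_safe', $value); // keys are preserved
    }
    return html_escape(remove_invisible_characters((string) $value));
}

// Constructed sample standing in for submitted form data.
$post = [
    'name'    => "Ali\0ce",
    'comment' => '<h1>Injected heading</h1><a href="http://example.test/">link</a>',
    'tags'    => ['<i>one</i>', 'two & three'],
];

$safe = render_safe($post);

// The submitted tags reach the browser as text (&lt;h1&gt;...), not as markup.
echo '<p class="name">', $safe['name'], "</p>\n";
echo '<div class="comment">', $safe['comment'], "</div>\n";
echo '<ul><li>', implode('</li><li>', $safe['tags']), "</li></ul>\n";
```

Escaping is applied where the value is written into the page, so the stored value stays unchanged and the same data can be escaped differently for other output contexts.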
