
As we all know, $this->input->post('$myvariable', TRUE) is XSS filtered. But is there any way I can prevent HTML injection in the same? I read a few articles but none of them give a clear idea of where to start. Any help?

  • This will block all the code injection. Commented Jan 20, 2016 at 10:28
  • Abdulla bro, one of my searches is using $this->input->post('$myvariable', TRUE). Our security expert says it is vulnerable to HTML injection. Commented Jan 20, 2016 at 10:30
  • If you are about to submit input fields, then you can add a rule at the time of form validation: $this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean'); Here xss_clean will filter the data and prevent them from submitting form data!! So no space for HTML injection. Commented Jan 20, 2016 at 11:36
  • html_escape() works. In forms we can use form_prep(), which again uses html_escape(). The form helper does not include html_escape(), so to prevent HTML injection use html_escape() with the Input class. Commented Jan 20, 2016 at 12:39

1 Answer

$this->input->post('variable',TRUE);

When you add TRUE, it will filter all your injections (SQL, XSS).
Also load this in application/config: $config['global_xss_filtering'] = TRUE;

Info: The Input class has the ability to filter input automatically to prevent cross-site scripting attacks.


And you can use

html_escape()

Info: This function provides a shortcut for the htmlspecialchars() function. It accepts a string or an array. It is very useful for preventing Cross-Site Scripting (XSS).

and this

remove_invisible_characters()

Info: This function prevents inserting null characters between ASCII characters, like Java\0script.
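The following is an added, stand-alone example (plain PHP, not CodeIgniter's own code and not part of the answer above) showing why output escaping is what stops the HTML injection the question asks about. The two helpers escape_html() and strip_invisible() are this example's own reimplementations of what CodeIgniter 3's html_escape() and remove_invisible_characters() do internally (htmlspecialchars with ENT_QUOTES, and a control-character strip), so the script runs without the framework; the payloads and the render_unsafe()/render_safe() functions are constructed for illustration.

```php
<?php
// Added example: plain PHP, no CodeIgniter dependency. escape_html() and
// strip_invisible() mirror CodeIgniter 3's html_escape() and
// remove_invisible_characters() so the script runs outside the framework.
// All input strings below are constructed for illustration.

declare(strict_types=1);

/**
 * Output-side escaping, equivalent to CodeIgniter's html_escape($var).
 * Encodes & < > " ' so the browser renders the text literally instead of
 * treating it as markup. Arrays are escaped recursively, as html_escape() does.
 */
function escape_html($value)
{
    if (is_array($value)) {
        return array_map('escape_html', $value);
    }
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Input-side cleanup, equivalent to CodeIgniter's remove_invisible_characters().
 * Strips ASCII control characters (and their URL-encoded forms) that can be
 * used to split a keyword such as "javascript" past a naive keyword filter.
 */
function strip_invisible(string $str, bool $url_encoded = true): string
{
    $patterns = [];
    if ($url_encoded) {
        $patterns[] = '/%0[0-8bcef]/i'; // %00-%08, %0b, %0c, %0e, %0f
        $patterns[] = '/%1[0-9a-f]/i';  // %10-%1f
    }
    $patterns[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/S';

    // Loop until nothing is removed, so "%%000" style nesting cannot survive.
    do {
        $str = preg_replace($patterns, '', $str, -1, $count);
    } while ($count);

    return $str;
}

/** Render a greeting the unsafe way: raw interpolation of user data into HTML. */
function render_unsafe(string $display_name): string
{
    return '<p>Welcome, ' . $display_name . '</p>';
}

/** Render the same greeting with output escaping applied at the HTML context. */
function render_safe(string $display_name): string
{
    return '<p>Welcome, ' . escape_html($display_name) . '</p>';
}

// Constructed payload: no <script>, no event handler, no javascript: URL, so an
// XSS-only input filter such as xss_clean has nothing to strip. It is still
// HTML injection: a phishing link rendered inside the trusted page.
$html_injection = '<a href="http://attacker.example/reset">Your password expired, reset it here</a>';

// Constructed payload: a NUL byte splitting the keyword, the case the
// remove_invisible_characters() note above describes.
$split_keyword = "Java\0script:alert(1)";

echo "Unsafe render:\n  ", render_unsafe($html_injection), "\n";
echo "Escaped render:\n  ", render_safe($html_injection), "\n\n";
echo "Before strip (hex): ", bin2hex($split_keyword), "\n";
echo "After strip:        ", strip_invisible($split_keyword), "\n";
```

The unsafe render emits the attacker's anchor tag as live markup; the escaped render emits it as visible text (`&lt;a href=&quot;...`), which is the behaviour html_escape() gives you in a CodeIgniter view. The design point is that xss_clean runs on input and only targets script vectors, so it cannot know how a value will later be placed in a page; escaping at output time, in the context where the value is written (here, HTML body text), is the control that neutralises plain markup injection. Values written into attributes, JavaScript, or URLs need the encoding appropriate to that context rather than this HTML-body escaping.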
