duanbimo7212 2012-08-20 19:44
浏览 80
已采纳

XSS过滤不会在post codeigniter上禁用

I'm in the process of developing a basic WYSIWYG for my site and I've used this line to turn XSS filtering off

$this->input->post(NULL, FALSE);

I have also tried 

$this->input->post();

as I understand it, this should give me all postdata and not filter it, however, it appears to still be removing my <script> tags. Disregarding security concerns for now (I'll handle those still) how can I guarantee that my scripts are not removed without disabling XSS for my entire site?

P.S. I have also verified that $config['global_xss_filtering'] is set to false.

  • 写回答

1条回答 默认 最新

  • dongyoufo5672 2012-08-20 20:05
    关注

    Per the CI documentation, if you're looking to pull the whole post array without XSS, you should replace $this->input->post(NULL, FALSE); with $this->input->post();

    See http://codeigniter.com/user_guide/libraries/input.html

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 phython如何实现以下功能?查找同一用户名的消费金额合并—
  • ¥15 孟德尔随机化怎样画共定位分析图
  • ¥18 模拟电路问题解答有偿速度
  • ¥15 CST仿真别人的模型结果仿真结果S参数完全不对
  • ¥15 误删注册表文件致win10无法开启
  • ¥15 请问在阿里云服务器中怎么利用数据库制作网站
  • ¥60 ESP32怎么烧录自启动程序
  • ¥50 html2canvas超出滚动条不显示
  • ¥15 java业务性能问题求解(sql,业务设计相关)
  • ¥15 52810 尾椎c三个a 写蓝牙地址