duanbimo7212 2012-08-20 19:44
浏览 80
已采纳

XSS过滤不会在post codeigniter上禁用

I'm in the process of developing a basic WYSIWYG for my site and I've used this line to turn XSS filtering off

$this->input->post(NULL, FALSE); 

I have also tried

$this->input->post(); 

as I understand it, this should give me all postdata and not filter it, however, it appears to still be removing my <script> tags. Disregarding security concerns for now (I'll handle those still) how can I guarantee that my scripts are not removed without disabling XSS for my entire site?

P.S. I have also verified that $config['global_xss_filtering'] is set to false.

  • 写回答

1条回答 默认 最新

  • dongyoufo5672 2012-08-20 20:05
    关注

    Per the CI documentation, if you're looking to pull the whole post array without XSS, you should replace $this->input->post(NULL, FALSE); with $this->input->post();

    See http://codeigniter.com/user_guide/libraries/input.html

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 提问STK的问题,哪位航天领域的同学会啊
  • ¥15 苹果系统的mac m1芯片的笔记本使用ce修改器使用不了
  • ¥15 单相逆变的电压电流双闭环中进行低通滤波PID算法改进
  • ¥15 关于#java#的问题,请各位专家解答!
  • ¥15 如何卸载arcgis 10.1 data reviewer for desktop
  • ¥15 共享文件夹会话中为什么会有WORKGROUP
  • ¥15 关于#python#的问题:使用ATL02数据解算光子脚点的坐标(操作系统-windows)
  • ¥115 关于#python#的问题:未加密前两个软件都可以打开,加密后只有A软件可打开,B软件可以打开但读取不了数据
  • ¥15 在matlab中Application Compiler后的软件无法打开
  • ¥15 想问一下STM32创建工程模板时遇到得问题