codeigniter Securing your web application XSS Prevention on User Input


Example

Never trust user input. A user can submit anything, including a <script> tag or a JavaScript alert(); call, so we have to make sure such data is never executed in the browser. Using an XSS prevention method keeps our sensitive data out of an attacker's hands, and it is the developer's responsibility to validate user input and handle the resulting errors programmatically.

Below is an example of XSS prevention in CodeIgniter.

$data = array(
    'name'  => "<script>alert('abc')</script>",
    'email' => "useremail@gmail.com"
);

// Print the array without XSS cleaning/XSS filtering
var_dump($data);

array(2) { ["name"]=> string(29) "<script>alert('abc')</script>" ["email"]=> string(19) "useremail@gmail.com" } // Result: the script tag is intact, so the alert runs if this value is echoed into a page

// Now print the data after XSS filtering
$data = $this->security->xss_clean($data);
var_dump($data);

// Print the array with XSS cleaning/XSS filtering
array(2) { ["name"]=> string(38) "[removed]alert&#40;'abc'&#41;[removed]" ["email"]=> string(19) "useremail@gmail.com" } // Result: no alert; the tags are replaced and the parentheses are converted to HTML entities

So, after adding XSS filtering, abusive code entered by the user can no longer run: CodeIgniter replaces the offending tags with the [removed] keyword.
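The same filtering applied where it usually belongs, in a controller, as an added example that is not part of the original page. It uses the Input class's built-in xss_clean switch and escapes the values again with html_escape() before they reach a view, since xss_clean() is a filter and not an output encoder; the controller, method and view names are assumed for illustration.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Added example (not from the original page). Controller and view names
// (Profile::save, profile_view) are assumed for illustration.
class Profile extends CI_Controller
{
    public function save()
    {
        // Passing TRUE as the second argument runs $this->security->xss_clean()
        // on the submitted value, so "<script>alert('abc')</script>" arrives as
        // "[removed]alert&#40;'abc'&#41;[removed]", the same result as in the
        // var_dump above.
        $name  = $this->input->post('name', TRUE);
        $email = $this->input->post('email', TRUE);

        // xss_clean() strips known-bad constructs; it does not make a string
        // safe to print. Escape again at output time: html_escape() wraps
        // htmlspecialchars() using the application's configured charset, so
        // any remaining < > " ' & are rendered as text, never as markup.
        $data = array(
            'name'  => html_escape($name),
            'email' => html_escape($email),
        );

        // The view can now echo $name and $email directly, e.g.
        // <p>Name: <?php echo $name; ?></p>
        $this->load->view('profile_view', $data);
    }
}
```

The input-side filter and the output-side escape are independent layers: if a value ever bypasses xss_clean(), html_escape() still prevents it from being interpreted by the browser.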