Never trust user input. A user can submit anything, including a <script> tag or a JavaScript call such as alert();, so we have to make sure that none of that data is executed in our browser. XSS prevention keeps our sensitive data out of an attacker's hands, and it is the developer's responsibility to validate the user's input and handle the error programmatically.
So, here is an example of XSS prevention in CodeIgniter.
    $data = array(
        'name'  => "<script>alert('abc')</script>",
        'email' => "[email protected]"
    );

    // Print the array without XSS cleaning/filtering
    var_dump($data);
    // Output as rendered by the browser: the script tag was executed, so the
    // 29-character name appears empty and the alert fires
    array(2) { ["name"]=> string(29) "" ["email"]=> string(19) "[email protected]" } // Result with alert

    // Now print the data after XSS filtering
    $data = $this->security->xss_clean($data);
    var_dump($data);
    // Output after XSS cleaning/filtering
    array(2) { ["name"]=> string(38) "[removed]alert('abc')[removed]" ["email"]=> string(19) "[email protected]" } // Result without alert
So, after adding xss_clean() filtering, abusive code entered by the user can no longer run, and CodeIgniter replaces the abusive tag with the [removed] keyword.
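As an added example that is not code from the original post: xss_clean() rewrites the stored value, whereas escaping at output time keeps the original value and neutralises it only where it is written into HTML, which complements the input filtering shown above. The block is plain PHP so it runs without CodeIgniter, using htmlspecialchars() (the function CodeIgniter's html_escape() helper wraps); the escape_html(), render_profile() and contains_script_tag() functions and the e-mail address are constructed for this example.

```php
<?php
// Added example (not from the original post): the same "name" payload rendered
// with output escaping instead of input rewriting. Plain PHP, no framework
// needed; the $data array and the e-mail address are constructed samples.

declare(strict_types=1);

$data = [
    'name'  => "<script>alert('abc')</script>",
    'email' => 'user@example.com',   // constructed sample address
];

/**
 * Escape a value for insertion into an HTML text node or a quoted attribute.
 * ENT_QUOTES covers both quote styles so the value is also safe inside
 * attributes; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
 */
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render a profile fragment, escaping every untrusted value at output time. */
function render_profile(array $row): string
{
    $name  = escape_html($row['name']);
    $email = escape_html($row['email']);

    return '<div class="profile">'
         . '<span class="name">' . $name . '</span> '
         . '<span class="email">' . $email . '</span>'
         . '</div>';
}

/** Check used here to show that the payload can no longer open a script block. */
function contains_script_tag(string $html): bool
{
    return (bool) preg_match('/<script\b/i', $html);
}

$html = render_profile($data);
echo $html, PHP_EOL;                     // the payload is shown as text, not run
var_dump(contains_script_tag($html));    // does a live <script> tag remain?
var_dump($data['name']);                 // the stored value itself is unchanged
```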