CodeClerks

What does the Codeigniter xss filter do?




I'm using Codeigniter to develop my latest project and I'm using the input class to fetch all of my data. Here is an example:

$this->input->get('myvalue');

There is an optional second parameter for XSS filter. Enabling it like this:

$this->input->get('myvalue', TRUE);

What exactly does the XSS filter do to the value? What does it add or take away from an input? I couldn't really find the answer to my question. I realize that it prevents XSS but how?

Comments

Void
It is part of the security class of Codeigniter. You can read more about it here. It basically attempts to remove any Javascript that could be used for XSS. Directly from the link I posted:
The XSS filter looks for commonly used techniques to trigger Javascript or other types of code that attempt to hijack cookies or do other malicious things. If anything disallowed is encountered it is rendered safe by converting the data to character entities.
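
The mechanism quoted above (match known script triggers, then convert the match to character entities), as an added stand-alone sketch that is not part of the reply and is not CodeIgniter's own code. The function demo_xss_filter(), its three patterns and the sample values are hypothetical and cover far fewer cases than the real filter.

```php
<?php
// Added illustration: NOT CodeIgniter's filter source. demo_xss_filter() and its
// pattern list are hypothetical and much smaller than what the real filter checks.

function demo_xss_filter(string $value): string
{
    // Constructed patterns for a few commonly used script triggers.
    $disallowed = [
        // Tags that can load or run script.
        '#</?\s*(?:script|iframe|object|embed)\b[^>]*>#i',
        // Any tag carrying an on* event-handler attribute.
        '#<[^>]*\bon[a-z]+\s*=[^>]*>#i',
        // Any tag whose href/src is a javascript: URI.
        '#<[^>]*\b(?:href|src)\s*=\s*["\']?\s*javascript:[^>]*>#i',
    ];

    foreach ($disallowed as $pattern) {
        // Render each match inert by converting it to character entities, so the
        // browser displays it as text instead of parsing it as markup.
        $value = preg_replace_callback(
            $pattern,
            static fn(array $m): string => htmlspecialchars($m[0], ENT_QUOTES, 'UTF-8'),
            $value
        ) ?? $value; // keep the input unchanged if the regex engine reports an error
    }

    return $value;
}

// Constructed sample values standing in for $this->input->get('myvalue').
$samples = [
    'plain text, 2 < 3',
    '<b>bold</b> is left alone',
    '<script>alert(1)</script>',
    '<img src="x.png" onerror="alert(1)">',
    '<a href="javascript:alert(1)">link</a>',
];

foreach ($samples as $raw) {
    printf("%-42s => %s\n", $raw, demo_xss_filter($raw));
}
```

The first two samples pass through unchanged; in the last three, the matched tag comes back with its angle brackets and quotes as entities, so it is shown as text rather than executed.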


