I'm trying to migrate a system in codeigniter 2 to version 4 of the same framework, but when I want to execute the function $nomUsr = $ security-> xss_clean ($ this-> input-> post ('nomUsr')); in CI4 this returns an error. I'm forgetting to load something into another file or xss_clean is just no longer used in codeigniter 4?
Thank you very much!!
Asked
Active
Viewed 1,350 times
0
Emily
- 314
- 2
- 17
1 Answers
1
There is no xss_clean function for CI4 because that is the wrong way to prevent XSS. here is the official reply
XSS_clean should be conspired deprecated. That's a not a recommended practice to rely on. You should filter your inputs AND escape your outputs.
Input: https://codeigniter4.github.io/userguide/libraries/validation.html https://codeigniter4.github.io/userguide/incoming/incomingrequest.html#retrieving-input "Filtering Input Data"
Output: https://codeigniter4.github.io/userguide/outgoing/view_renderer.html#escaping-data https://codeigniter4.github.io/userguide/outgoing/view_renderer.html#escaping-contexts
user969068
- 2,818
- 5
- 33
- 64