CodeIgniter Tutorial: XSS filtering on CodeIgniter Form
XSS means cross-site scripting, a type of security vulnerability found in web applications. The XSS technique is commonly used to inject JavaScript or other malicious code that then runs in the user's browser.
Using xss_clean(), we can stop and filter the data: if any disallowed content is encountered, xss_clean() renders it safe by converting it into character entities.
Without xss_clean(), data received via cookies, POST and GET is applied directly to the code, which is harmful.
CodeIgniter provides a Security class which contains methods that help you create a secure application.
To sanitize a particular piece of data, pass it to xss_clean().
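As an added example (not code from the original tutorial), here is a CodeIgniter 3 controller that reads a comment form field and a cookie through xss_clean(), logs when the filter changed the input, and escapes the value before it reaches the view. The controller name, the `comment` field and the views `comment_form` and `comment_result` are assumptions for illustration.

```php
<?php
// Added example (CodeIgniter 3). Assumes views "comment_form" and "comment_result"
// exist; the Input and Security classes are loaded automatically by the framework.
defined('BASEPATH') OR exit('No direct script access allowed');

class Comment extends CI_Controller
{
    public function index()
    {
        $this->load->helper('form');
        $this->load->view('comment_form');
    }

    public function submit()
    {
        // Raw value exactly as submitted (kept only to compare against the filtered one).
        $raw = $this->input->post('comment');

        // Same field with the second argument TRUE: the Input class passes the value
        // through $this->security->xss_clean() before returning it.
        $filtered = $this->input->post('comment', TRUE);

        // Equivalent explicit call, useful for data that did not arrive via Input
        // (for example values decoded from a JSON body).
        $also_filtered = $this->security->xss_clean($raw);

        // Cookies are filtered the same way.
        $display_name = $this->input->cookie('display_name', TRUE);

        // If the filter had to rewrite the input, record it: this is a useful
        // signal for spotting probing of the form.
        if ($raw !== $filtered) {
            log_message('info', 'xss_clean altered field "comment" from '
                . $this->input->ip_address());
        }

        // xss_clean() neutralises known script vectors, but it is not an HTML
        // encoder: still escape the value when echoing it into the page.
        $data = array(
            'comment'      => html_escape($filtered),
            'display_name' => html_escape($display_name),
            'was_filtered' => ($raw !== $filtered),
        );
        $this->load->view('comment_result', $data);
    }
}
```

Submitting a constructed test string such as `<script>alert('test')</script>` in the comment field will set `was_filtered` to true and write a line to the application log.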
In this video, we demonstrate how XSS can be injected into form input data using JavaScript.