path: root/user_guide_src/source/libraries/security.rst
author: DiederikLascaris <info@runesa.nl> 2017-01-22 21:45:15 +0100
committer: DiederikLascaris <info@runesa.nl> 2017-01-22 21:45:15 +0100
commit: 312efeba32d532878c536fd28e75f39d61a9dade
tree: 71ae4aaca33a9d34a789d6d375acd2594160123a /user_guide_src/source/libraries/security.rst
parent: 947f1a06093a52a32b703ee795e52c22cd66363a
parent: 44c7af639ac1726780b64fb5a6cb6fca2df8b651
Merge branch 'develop' of git://github.com/bcit-ci/CodeIgniter into develop
Diffstat (limited to 'user_guide_src/source/libraries/security.rst')
-rw-r--r-- user_guide_src/source/libraries/security.rst 19
1 files changed, 5 insertions, 14 deletions
diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst
index 305a8e57c..f7604ef00 100644
--- a/user_guide_src/source/libraries/security.rst
+++ b/user_guide_src/source/libraries/security.rst
@@ -16,20 +16,11 @@ application, processing input data for security.
XSS Filtering
*************
-CodeIgniter comes with a Cross Site Scripting Hack prevention filter
-which can either run automatically to filter all POST and COOKIE data
-that is encountered, or you can run it on a per item basis. By default
-it does **not** run globally since it requires a bit of processing
-overhead, and since you may not need it in all cases.
-
-The XSS filter looks for commonly used techniques to trigger Javascript
-or other types of code that attempt to hijack cookies or do other
-malicious things. If anything disallowed is encountered it is rendered
-safe by converting the data to character entities.
-
-Note: This function should only be used to deal with data upon
-submission. It's not something that should be used for general runtime
-processing since it requires a fair amount of processing overhead.
+CodeIgniter comes with a Cross Site Scripting prevention filter, which
+looks for commonly used techniques to trigger JavaScript or other types
+of code that attempt to hijack cookies or do other malicious things.
+If anything disallowed is encountered it is rendered safe by converting
+the data to character entities.
To filter data through the XSS filter use the ``xss_clean()`` method::
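Review bot: The replacement paragraph (the five added lines starting "CodeIgniter comes with a Cross Site Scripting prevention filter") no longer tells the reader when to apply the filter. The removed Note limited it to "data upon submission", and nothing in the added lines says whether that still holds or what replaces it. Please add one sentence stating where ``xss_clean()`` is meant to be used. The removed first paragraph also documented automatic filtering of POST and COOKIE data and that it does not run globally by default; if that mode is gone, say so explicitly so readers of the old text do not assume it still applies. Separately, "rendered safe" reads as a guarantee for a filter described as looking for "commonly used techniques"; wording such as "is converted to character entities" would promise only what the text supports.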