summaryrefslogtreecommitdiffstats
path: root/user_guide_src/source/libraries
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2015-01-05 16:23:13 +0100
committerAndrey Andreev <narf@devilix.net>2015-01-05 16:23:13 +0100
commit40651ebf5e29fd4a17be2cd338e8d501d41b66b1 (patch)
treedf7e0f26bd86dbb520b011d3ba07111956727eab /user_guide_src/source/libraries
parent0d3fde261bd538dd5f9468a407db74a066bc11a4 (diff)
Remove CI_Form_validation::xss_clean()
More details in the commit diff itself, and here: https://github.com/benedmunds/CodeIgniter-Ion-Auth/issues/683#issuecomment-66598821
Diffstat (limited to 'user_guide_src/source/libraries')
-rw-r--r--user_guide_src/source/libraries/form_validation.rst8
1 files changed, 3 insertions, 5 deletions
diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst
index aae9e3b89..f964965ec 100644
--- a/user_guide_src/source/libraries/form_validation.rst
+++ b/user_guide_src/source/libraries/form_validation.rst
@@ -326,14 +326,13 @@ In addition to the validation method like the ones we used above, you
can also prep your data in various ways. For example, you can set up
rules like this::
- $this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[5]|max_length[12]|xss_clean');
+ $this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[5]|max_length[12]');
$this->form_validation->set_rules('password', 'Password', 'trim|required|md5');
$this->form_validation->set_rules('passconf', 'Password Confirmation', 'trim|required|matches[password]');
$this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email');
-In the above example, we are "trimming" the fields, converting the
-password to MD5, and running the username through the `xss_clean()`
-method, which removes malicious data.
+In the above example, we are "trimming" the fields, checking for length
+where necessary and converting the password to MD5.
**Any native PHP function that accepts one parameter can be used as a
rule, like htmlspecialchars, trim, md5, etc.**
@@ -1002,7 +1001,6 @@ to use:
==================== ========= =======================================================================================================
Name Parameter Description
==================== ========= =======================================================================================================
-**xss_clean** No Runs the data through the XSS filtering method, described in the :doc:`Security Class <security>` page.
**prep_for_form** No Converts special characters so that HTML data can be shown in a form field without breaking it.
**prep_url** No Adds "\http://" to URLs if missing.
**strip_image_tags** No Strips the HTML from image tags leaving the raw URL.