From 114ab0988e20ac6be39ad363ff897a1a3b85e565 Mon Sep 17 00:00:00 2001 From: Razican Date: Mon, 25 Apr 2011 17:26:45 +0200 Subject: Fixed double-space typo. --- user_guide/libraries/security.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'user_guide/libraries/security.html') diff --git a/user_guide/libraries/security.html b/user_guide/libraries/security.html index 735187459..0cb1d0cb1 100644 --- a/user_guide/libraries/security.html +++ b/user_guide/libraries/security.html @@ -63,11 +63,11 @@ Security Class

XSS Filtering

CodeIgniter comes with a Cross Site Scripting Hack prevention filter which can either run automatically to filter -all POST and COOKIE data that is encountered, or you can run it on a per item basis. By default it does not +all POST and COOKIE data that is encountered, or you can run it on a per item basis. By default it does not run globally since it requires a bit of processing overhead, and since you may not need it in all cases.

The XSS filter looks for commonly used techniques to trigger Javascript or other types of code that attempt to hijack cookies -or do other malicious things. If anything disallowed is encountered it is rendered safe by converting the data to character entities.

+or do other malicious things. If anything disallowed is encountered it is rendered safe by converting the data to character entities.

Note: This function should only be used to deal with data upon submission. It's not something that should be used for general runtime processing since it requires a fair amount of processing overhead.

@@ -88,7 +88,7 @@ Note: This function should only be used to deal with data upon submission. It's

Note: If you use the form validation class, it gives you the option of XSS filtering as well.

-

An optional second parameter, is_image, allows this function to be used to test images for potential XSS attacks, useful for file upload security. When this second parameter is set to TRUE, instead of returning an altered string, the function returns TRUE if the image is safe, and FALSE if it contained potentially malicious information that a browser may attempt to execute.

+

An optional second parameter, is_image, allows this function to be used to test images for potential XSS attacks, useful for file upload security. When this second parameter is set to TRUE, instead of returning an altered string, the function returns TRUE if the image is safe, and FALSE if it contained potentially malicious information that a browser may attempt to execute.

if ($this->security->xss_clean($file, TRUE) === FALSE)
{
@@ -98,7 +98,7 @@ Note: This function should only be used to deal with data upon submission. It's

$this->security->sanitize_filename()

-

When accepting filenames from user input, it is best to sanitize them to prevent directory traversal and other security related issues. To do so, use the sanitize_filename() method of the Security class. Here is an example:

+

When accepting filenames from user input, it is best to sanitize them to prevent directory traversal and other security related issues. To do so, use the sanitize_filename() method of the Security class. Here is an example:

$filename = $this->security->sanitize_filename($this->input->post('filename')); -- cgit v1.2.3-24-g4f1b