From 63fc5fe5c6d8c9c8a2d693b0f65c3c8af8f2a74f Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Thu, 15 May 2008 20:13:14 +0000
Subject: added ability to use xss_clean() to test images, and improved security for vectors particular to the Opera family of browsers

---
 user_guide/libraries/input.html | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/user_guide/libraries/input.html b/user_guide/libraries/input.html
index 17ed7f0ff..c95ebbd98 100644
--- a/user_guide/libraries/input.html
+++ b/user_guide/libraries/input.html
@@ -109,7 +109,12 @@ Note: This function should only be used to deal with data upon submission. It's

Note: If you use the form validation class, it gives you the option of XSS filtering as well.

+

An optional second parameter, is_image, allows this function to be used to test images for potential XSS attacks, useful for file upload security. When this second parameter is set to TRUE, instead of returning an altered string, the function returns TRUE if the image is safe, and FALSE if it contained potentially malicious information that a browser may attempt to execute.

+if ($this->input->xss_clean($file, TRUE) === FALSE)
+{
+    // file failed the XSS test
+}

Using POST, COOKIE, or SERVER Data
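Review bot: The added example uses `$file` without saying what it holds, and the new paragraph only says the function can "test images"; state explicitly whether callers pass the raw contents of the uploaded file or a filesystem path, since the two are not interchangeable and a caller who passes the wrong one gets a meaningless result from the check. The phrase "useful for file upload security" also dangles after the comma; suggest "...allows this function to be used to test uploaded images for potential XSS payloads, which is useful for file upload security." The strict `=== FALSE` comparison is right given that is_image mode returns only TRUE or FALSE, but the comment `// file failed the XSS test` would be more useful if it said what the caller should do (reject the upload and do not move or serve the file), since that is the whole point of running the test before the file is stored.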
