CodeIgniter's Security class provides a function for XSS filtering:
$this->security->xss_clean($data);
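Applying XSS filtering when reading form input is just as simple, because it is already built into the Input class:
// With XSS filtering
$content = $this->input->post('content', TRUE);
// Without filtering
$name = $this->input->get('name', FALSE);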
If you want to filter all input globally, just set this in config.php:
$config['global_xss_filtering'] = TRUE;
Official documentation: https://codeigniter.com/user_guide/libraries/input.html?highlight=xss
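An added example, not part of the original post: a CodeIgniter 3 controller that uses both the Input class flag and a direct xss_clean() call. The controller name, routes and field names are assumptions; it also escapes values with html_escape() at output, since the unfiltered field would otherwise reach the page exactly as submitted.

```php
<?php
// Added example. Hypothetical file: application/controllers/Comment.php
// in a CodeIgniter 3 application.
defined('BASEPATH') OR exit('No direct script access allowed');

class Comment extends CI_Controller
{
    // POST /comment/save with form fields "content" and "name" (assumed names).
    public function save()
    {
        // Second argument TRUE: the value is passed through xss_clean().
        $content = $this->input->post('content', TRUE);
        // Second argument FALSE: the raw value is returned unchanged.
        $name = $this->input->post('name', FALSE);

        // post() returns NULL when the field is missing.
        if ($content === NULL || $name === NULL) {
            show_error('Missing field', 400);
        }

        // html_escape() encodes both values for the HTML context at output
        // time, which also covers $name, which was never filtered.
        $html = '<p><b>' . html_escape($name) . '</b>: '
              . html_escape($content) . '</p>';
        $this->output->set_output($html);
    }

    // POST /comment/import with a JSON body. Data read this way does not go
    // through post()/get(), so the Security class is called directly.
    public function import()
    {
        $rows = json_decode($this->input->raw_input_stream, TRUE);
        if ( ! is_array($rows)) {
            show_error('Invalid JSON', 400);
        }

        // xss_clean() accepts a string or an array and filters recursively.
        $clean = $this->security->xss_clean($rows);

        $this->output
             ->set_content_type('application/json')
             ->set_output(json_encode($clean));
    }
}
```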