Mayur Lohite Published a new article on Web, Mobile & Software Dev, Web Development, Web & Mobile Design, Information Security
08-Nov-2019
Cross Site Scripting (XSS) is very known client-side code injection attack. Attacker can execute and run malicious java scripts using XSS. Attacker runs malicious javascripts to victim's browser by including malicious code in a legitimate web page or web application.
When victim visit website the attack will run and compromises the security. If you are developer and using codeignitor framework then it comes with a Cross Site Scripting prevention filter, which looks for commonly used techniques to trigger JavaScript or other types of code that attempt to hijack cookies or do other malicious things. If anything disallowed is encountered it is rendered safe by converting the data to character entities.
Its really easy to prevent XSS in Codeingitor. You just need to apply one simple method and the name is xss_clean().
How to use xss_clean()
In controller this helper is loaded using the following code:
<?php $this->load->helper('security'); ?>
Execute xss_clean() using security class.
<?php $data = $this->security->xss_clean($data); ?>
So when you are taking any user input apply this method to input then no malicious XSS data will stored in database or render.
$first_name = $this->security->xss_clean($this->input->post('first_name'));
Then you can save in db or push to view without fear.
Happy Coding!