CodeIgniter添加分号 [英] CodeIgniter adding semicolons

问题描述

如何停止CodeIgniter向通过POST发送的包含&号& 的数据添加分号; ？

How do I stop CodeIgniter adding semicolons ; to data sent via POST that contains ampersand &?

例如，它将a = 1& b = 2& c = 3转换为a = 1&b; = 2&c; = 3。从论坛看起来似乎是XSS过滤，我不想禁用网站范围只有1控制器，所以我尝试下面的代码，但它仍然在做：

For example it is converting "a=1&b=2&c=3" into "a=1&b;=2&c;=3". From looking on the forums it seems to be XSS filtering, which I don't want to disable site-wide only for 1 controller, so I tried the code below but it's still doing it:

$this->config->set_item('global_xss_filtering',false);

推荐答案

我没有使用XSS过滤，有bug。例如，当您启用XSS筛选功能时，您将无法发布含有YouTube嵌入代码的表单。我只对每个字段使用过滤器，我希望它被清理。

I'm not using XSS filtering, since it still have bug in it. For example, you will not be able to post a form that have youtube embed code in it when XSS filtering is on. I only use the filter per field that I want it to sanitized.

如果你的表单使用XSS过滤关闭，然后关闭。如果您需要针对XSS攻击进行清理，请考虑使用其他库，例如 HTML纯化器。

If your form is working with XSS filtering turned off, then turned it off. If you need to sanitize it against XSS attack, maybe consider another library, such as HTML purifier.

这篇关于CodeIgniter添加分号的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！