当前位置: 动力学知识库 > 问答 > 编程问答 >

How to insert scripts in database using codeigniter

问题描述:

I want to insert <script></script> in my database, I enabled xss

$config['global_xss_filtering'] = TRUE;

I don't want to make it false this config variable.

With out making false, I want to insert javascript tags like this <script></script> in my database, any one please help me on this.

网友答案:

What XSS Filtering does is: if anything disallowed is encountered it is rendered safe by converting the data to character entities. The filtered information is saved inside your database in a safe format (using htmlentities()), but it's all there. So what you need to do is to apply html_entity_decode() when reading that particular field from database, before echoing on page.

I believe doing this is not to be recommended though, since it defies the whole purpose of xss filtering in the first place, and leaves a big security whole inside your application. Scripts should never be editable by the user.

分享给朋友:
您可能感兴趣的文章:
随机阅读: