Syntax:
Load the "security" helper in the controller.
<?php $this->load->helper("security"); ?>
Execute the "xss_clean" function using the security class.
<?php $data = $this->security->xss_clean($data); ?>
Create a controller file like contactus.php inside the “application/controllers” folder.
<?php
/**
 * Description of Contactus Controller
 *
 * @author TechArise Team
 *
 * @email info@techarise.com
 */
defined('BASEPATH') OR exit('No direct script access allowed');

class Contactus extends CI_Controller {

    public function __construct() {
        // Load helper and library.
        parent::__construct();
        $this->load->helper('url');
        $this->load->helper('form');
        $this->load->helper("security");
    }

    // index method
    public function index() {
        // contactus page.
        $this->load->view("contactForm/index");
    }

    // submit action method
    public function submitAction() {
        // POST values
        $data['nonxssData'] = array(
            'first_name' => $this->input->post('first_name'),
            'last_name' => $this->input->post('last_name'),
            'email' => $this->input->post('email'),
            'message' => $this->input->post('message'),
        );
        // Apply Cross Site Scripting of "security" library, which filtered data from passing through
    }
}
Note: For example, if you enter values in these form fields using a tag, you will get an alert message when the data is submitted by the POST method.
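The controller below is an added example, not the tutorial's own code: it runs the same field values through xss_clean() and through html_escape(), so the input filter can be compared with output encoding for data echoed into a view. The controller name Xssdemo, the compare() helper and the sample values are assumptions made for illustration; it expects to run inside a CodeIgniter application.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hypothetical controller (application/controllers/Xssdemo.php), added for illustration.
class Xssdemo extends CI_Controller {

    public function __construct() {
        parent::__construct();
        // Same helper the tutorial loads; $this->security itself is provided by the core.
        $this->load->helper('security');
    }

    // Returns the raw, filtered and escaped form of every field.
    // Private, so it cannot be reached through a URL.
    private function compare(array $fields) {
        $rows = array();
        foreach ($fields as $name => $raw) {
            $rows[$name] = array(
                'raw'      => $raw,
                // Input filter from the Security class (the call shown in the syntax section).
                'filtered' => $this->security->xss_clean($raw),
                // Output encoding: the form to echo into an HTML view.
                'escaped'  => html_escape($raw),
            );
        }
        return $rows;
    }

    public function index() {
        // Constructed sample values standing in for $this->input->post(...).
        $sample = array(
            'first_name' => 'Alice',
            'email'      => 'alice@example.com',
            'message'    => 'Hello <script>alert("test")</script> team',
        );
        // Sent as JSON so the browser does not render any value as HTML.
        $this->output
             ->set_content_type('application/json')
             ->set_output(json_encode($this->compare($sample)));
    }
}
```

In a view, print submitted values with html_escape() even when they have already passed through xss_clean(), since the filter rewrites input while escaping neutralises it at the point of output.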