Padraic Brady's Blog:
CodeIgniter 2.0.2 Cross-Site Scripting (XSS) Fixes And Recommendations
May 10, 2011 @ 11:12:55

Padraic Brady has a new post looking at a cross-site scripting issue he came across when working with CodeIgniter 2.0.2 and some fixes and recommendations he has about correcting the situation.

EllisLabs' news release for CodeIgniter 2.0.2 makes mention of "a small vulnerability". This small vulnerability is mentioned nowhere else (not even the actual changelog for 2.0.2). In reality, I reported seven distinct vulnerabilities across two classes. These vulnerabilities might allow an attacker to inject arbitrary HTML, CSS or JavaScript, i.e. Cross-Site Scripting (XSS), into an application's output.

He gives a list of four recommendations that CodeIgniter 2.0.2 users can follow when creating (or updating) their applications, including using HTMLPurifier when you need sanitization and ensuring that views and templates from third parties are clear of XSS issues.
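The two defences the summary names, escaping untrusted text on output versus sanitising user-authored HTML with HTMLPurifier, as an added PHP example that is not from Padraic Brady's post or from CodeIgniter itself. It assumes HTMLPurifier is installed and autoloadable through Composer; the helper names escape_html and make_purifier and the sample input are constructed for this illustration.

```php
<?php
// Added example (not from the post or from CodeIgniter): two ways to keep
// user-supplied data out of a page's active content.
// Assumes HTMLPurifier is installed via Composer at the path below.
require_once __DIR__ . '/vendor/autoload.php';

// Case 1: plain text that must be displayed as text -> escape for the HTML
// context at output time. ENT_QUOTES also escapes single quotes, so the value
// is safe inside single- or double-quoted attributes as well as element bodies.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Case 2: the application must render user-authored rich text (comments,
// profiles). Escaping would destroy the formatting, so sanitise to an explicit
// allow-list instead. Elements and attributes not listed (script, on* event
// handlers, style, unknown tags) are removed rather than escaped.
function make_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', 'p,b,i,em,strong,a[href],ul,ol,li,br');
    // Restrict link targets to web URLs so href cannot carry script: URIs.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    return new HTMLPurifier($config);
}

// Constructed sample input: legitimate formatting mixed with a script element.
$userInput = '<p>Hello <b>world</b></p><script>alert(1)</script>';

// Shown as text: the browser displays the literal markup and nothing executes.
echo escape_html($userInput), PHP_EOL;

// Shown as sanitised HTML: the paragraph and bold tags survive, the script
// element is dropped.
echo make_purifier()->purify($userInput), PHP_EOL;
```

The escaping path belongs in the view at the point each value is printed; the purifier path is only for fields where the application deliberately accepts HTML.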


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework