On 9/18/10 10:31 AM, Ralf Bitter wrote:
For XSS filtering see the rigXssClean() function
in system/libraries/Input.irev.
Unfortunately revIgniter's implementation for escaping database queries
cannot be associated with only one handler you could copy and paste.
This subject is a bit more complex, so please bear with me when I point y
> just to clarify:
> active record database queries are escaped automatically by revIgniter,
> not by the server engine. Obviously the revIgniter user guide is
> capable of being misunderstood here. I will change that.
Sorry Ralf, I love your work but this is not a misunderstanding. It's clearly
On 9/18/10 3:08 AM, Ralf Bitter wrote:
just to clarify:
active record database queries are escaped automatically by revIgniter,
not by the server engine. Obviously the revIgniter user guide is
capable of being misunderstood here. I will change that.
Regarding XSS attacks:
revIgniter comes with a Cross Site Scripting Hack prevention fi
> I'm thinking this should suffice where the "positive match" is A-z plus 0-9,
> comma, period and exclamation mark... if allowed should suffice, but then I
> may need to deal with SQL injection (PostgreSQL) also. if there is no ";"
> then nothing can happen. But I know it is more complicated
If anyone has any input form validation/sanitizer handlers for web
forms (irev includes...), I could use them right now.
I've studied the web on this. It's vast... "positive match" (i.e. the
input must be a precise match for a given set of values) is considered
the simplest and strongest for
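An added example (the editor's, not code from this thread or from revIgniter, and written in Python against SQLite rather than LiveCode/PostgreSQL) of the positive-match validation discussed in the post above, placed next to the two query styles it is meant to protect and to the semicolon check mentioned in the quoted text. The allowlist regex, the 64-character cap, the `users` table and its rows are constructed for this example:

```python
import html
import re
import sqlite3

# Positive-match ("allowlist") validator for the character set named in the
# thread: ASCII letters, digits, comma, period and exclamation mark.
# The length cap of 64 is an assumption added here; the thread names none.
ALLOWED = re.compile(r"[A-Za-z0-9,.!]{1,64}")


def is_allowed(value: str) -> bool:
    """True only if the whole value is made of allowlisted characters."""
    return ALLOWED.fullmatch(value) is not None


def no_semicolon(value: str) -> bool:
    """The weaker check from the quoted text: reject only if ';' appears."""
    return ";" not in value


def _fresh_db() -> sqlite3.Connection:
    # Constructed sample data for the example; not from the original page.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?)", [("alice", "s1"), ("bob", "s2")]
    )
    return con


def lookup_concat(name: str) -> list:
    """Vulnerable form: the value is spliced into the SQL text, so any
    quote or keyword in it is parsed as part of the statement."""
    con = _fresh_db()
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in con.execute(sql)]


def lookup_param(name: str) -> list:
    """Safe form: the value travels as a bound parameter and is compared
    as data, never parsed as SQL, whatever characters it contains."""
    con = _fresh_db()
    rows = con.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def escape_for_html(value: str) -> str:
    """Output encoding for the separate XSS problem: a value that reached
    the database legitimately still needs escaping when echoed into HTML."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    # A payload with no semicolon at all.
    payload = "' OR '1'='1"
    print("no_semicolon:", no_semicolon(payload))   # True: the ';' check passes it
    print("is_allowed:  ", is_allowed(payload))     # False: the allowlist rejects it
    print("concat:      ", lookup_concat(payload))  # both rows come back
    print("param:       ", lookup_param(payload))   # nothing matches
    print("html:        ", escape_for_html("<b>hi</b>"))
```

Running the `__main__` section shows the two checks disagreeing on the same input: the payload contains no semicolon, so `no_semicolon` accepts it, while `is_allowed` rejects it because of the quote, space and equals sign; only the concatenated query returns every row. The allowlist is the first gate in front of the query, bound parameters (or the framework's own escaping, as Ralf describes for active record) keep the value from being parsed as SQL, and `escape_for_html` covers the third, separate step of writing the value back out.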