我的 CodeIgniter 3 脚本中出现 XSS 错误
I get an XSS error in my CodeIgniter 3 script
我正在开发 CodeIgniter 应用程序,
在本地主机上,一切正常,没有问题或错误。但是,当我将脚本上传到实时服务器时,我在加载我的应用程序的仪表板时收到了这个 XSS 警报。
我不知道如何解决这个问题。这是我的 config.php 文件:
> $config['base_url'] = 'https://demos.xxxxxxxx.com';
>
> $config['index_page'] = '';
>
>
> $config['uri_protocol'] = 'REQUEST_URI';
>
>
> $config['url_suffix'] = '';
>
>
> $config['language'] = 'english';
>
>
> $config['charset'] = 'UTF-8';
>
>
> $config['enable_hooks'] = FALSE;
>
>
> $config['subclass_prefix'] = 'MY_';
>
>
> $config['composer_autoload'] = FALSE;
>
>
> $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
>
>
> $config['enable_query_strings'] = FALSE;
>
> $config['controller_trigger'] = 'c';
>
> $config['function_trigger'] = 'm';
>
> $config['directory_trigger'] = 'd';
>
>
> $config['allow_get_array'] = TRUE;
>
>
> $config['log_threshold'] = 0;
>
>
> $config['log_path'] = '';
>
>
> $config['log_file_extension'] = '';
>
>
> $config['log_file_permissions'] = 0644;
>
>
> $config['log_date_format'] = 'Y-m-d H:i:s';
>
>
> $config['error_views_path'] = '';
>
>
> $config['cache_path'] = '';
>
>
> $config['cache_query_string'] = FALSE;
>
>
> $config['encryption_key'] = '';
>
>
> $config['sess_driver'] = 'files';
>
> $config['sess_cookie_name'] = 'ci_session';
>
> $config['sess_expiration'] = 7200;
>
> $config['sess_save_path'] = NULL;
>
> //$config['sess_save_path'] = sys_get_temp_dir();
>
> $config['sess_match_ip'] = FALSE;
>
> $config['sess_time_to_update'] = 300;
>
> $config['sess_regenerate_destroy'] = FALSE;
>
>
> $config['cookie_prefix'] = '';
>
> $config['cookie_domain'] = '';
>
> $config['cookie_path'] = '/';
>
> $config['cookie_secure'] = FALSE;
>
> $config['cookie_httponly'] = FALSE;
>
>
> $config['standardize_newlines'] = FALSE;
>
>
> $config['global_xss_filtering'] = FALSE;
>
>
> $config['csrf_protection'] = TRUE;
>
> $config['csrf_token_name'] = 'csrf_test_name';
>
> $config['csrf_cookie_name'] = 'csrf_cookie_name';
>
> $config['csrf_expire'] = 7200;
>
> $config['csrf_regenerate'] = TRUE;
>
> $config['csrf_exclude_uris'] = array();
>
>
>
> $config['compress_output'] = FALSE;
>
>
> $config['time_reference'] = 'local';
>
>
> $config['rewrite_short_tags'] = FALSE;
>
>
> $config['proxy_ips'] = '';
最后,我得到了错误的解决方案。
问题是通过 POST 方法传递的数据没有经过清理,并且偶然地,一些输入的数据包含编码标签。
我检查了所有代码以清理表单传递的数据,现在工作正常。
我删除了所有代码,例如 $_POST['postedvalue']
并修改为 $this->input->post('postedvalue');
我还检查了 config.php 文件并将 $config['global_xss_filtering'] 设置为 TRUE.
感谢@Arvin 的帮助
我正在开发 CodeIgniter 应用程序,
在本地主机上,一切正常,没有问题或错误。但是,当我将脚本上传到实时服务器时,我在加载我的应用程序的仪表板时收到了这个 XSS 警报。
> $config['base_url'] = 'https://demos.xxxxxxxx.com';
>
> $config['index_page'] = '';
>
>
> $config['uri_protocol'] = 'REQUEST_URI';
>
>
> $config['url_suffix'] = '';
>
>
> $config['language'] = 'english';
>
>
> $config['charset'] = 'UTF-8';
>
>
> $config['enable_hooks'] = FALSE;
>
>
> $config['subclass_prefix'] = 'MY_';
>
>
> $config['composer_autoload'] = FALSE;
>
>
> $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
>
>
> $config['enable_query_strings'] = FALSE;
>
> $config['controller_trigger'] = 'c';
>
> $config['function_trigger'] = 'm';
>
> $config['directory_trigger'] = 'd';
>
>
> $config['allow_get_array'] = TRUE;
>
>
> $config['log_threshold'] = 0;
>
>
> $config['log_path'] = '';
>
>
> $config['log_file_extension'] = '';
>
>
> $config['log_file_permissions'] = 0644;
>
>
> $config['log_date_format'] = 'Y-m-d H:i:s';
>
>
> $config['error_views_path'] = '';
>
>
> $config['cache_path'] = '';
>
>
> $config['cache_query_string'] = FALSE;
>
>
> $config['encryption_key'] = '';
>
>
> $config['sess_driver'] = 'files';
>
> $config['sess_cookie_name'] = 'ci_session';
>
> $config['sess_expiration'] = 7200;
>
> $config['sess_save_path'] = NULL;
>
> //$config['sess_save_path'] = sys_get_temp_dir();
>
> $config['sess_match_ip'] = FALSE;
>
> $config['sess_time_to_update'] = 300;
>
> $config['sess_regenerate_destroy'] = FALSE;
>
>
> $config['cookie_prefix'] = '';
>
> $config['cookie_domain'] = '';
>
> $config['cookie_path'] = '/';
>
> $config['cookie_secure'] = FALSE;
>
> $config['cookie_httponly'] = FALSE;
>
>
> $config['standardize_newlines'] = FALSE;
>
>
> $config['global_xss_filtering'] = FALSE;
>
>
> $config['csrf_protection'] = TRUE;
>
> $config['csrf_token_name'] = 'csrf_test_name';
>
> $config['csrf_cookie_name'] = 'csrf_cookie_name';
>
> $config['csrf_expire'] = 7200;
>
> $config['csrf_regenerate'] = TRUE;
>
> $config['csrf_exclude_uris'] = array();
>
>
>
> $config['compress_output'] = FALSE;
>
>
> $config['time_reference'] = 'local';
>
>
> $config['rewrite_short_tags'] = FALSE;
>
>
> $config['proxy_ips'] = '';
最后,我得到了错误的解决方案。
问题是通过 POST 方法传递的数据没有经过清理,并且偶然地,一些输入的数据包含编码标签。
我检查了所有代码以清理表单传递的数据,现在工作正常。
我删除了所有代码,例如 $_POST['postedvalue']
并修改为 $this->input->post('postedvalue');
我还检查了 config.php 文件并将 $config['global_xss_filtering'] 设置为 TRUE.
感谢@Arvin 的帮助