
Cross Site Scripting

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.

The following code demonstrates cross-site scripting handling in CodeIgniter.


Create a PHP file in the Application/controller folder:

<?php
// Refuse direct requests to this file: BASEPATH is only defined when the request
// enters through CodeIgniter's front controller.
defined('BASEPATH') OR exit('No direct script access allowed');
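class Contactus extends CI_Controller {
  /**
   * Loads the helpers the contact form view depends on: url (form_open()),
   * form (form_label()/form_input()) and security. The security helper is
   * loaded as in the original tutorial, although submitAction() calls
   * xss_clean() through the $this->security library object.
   */
  public function __construct() {
    parent::__construct();
    $this->load->helper('url');
    $this->load->helper('form');
    $this->load->helper('security');
  }

  /**
   * Renders the empty contact form (no data is passed, so the view shows no
   * result columns).
   *
   * NOTE(review): the tutorial text names the view folder 'contactform'; the
   * path used here must match the directory's real case on case-sensitive
   * filesystems.
   */
  public function index() {
    $this->load->view('contactForm/index');
  }

  /**
   * Handles the form POST.
   *
   * Passes two arrays to the view: 'nonxssData' with the raw POST fields and
   * 'xssData' with the same fields after $this->security->xss_clean(), so the
   * view can display them side by side.
   *
   * xss_clean() filters known attack patterns (for example <script> tags) from
   * submitted input; it is not HTML output escaping, so the view still has to
   * escape whatever it echoes (html_escape()).
   */
  public function submitAction() {
    $data = array();
    $data['nonxssData'] = array(
      'first_name' => $this->input->post('first_name'),
      'last_name'  => $this->input->post('last_name'),
      'email'      => $this->input->post('email'),
      'message'    => $this->input->post('message'),
    );
    // xss_clean() accepts an array and filters every element of it.
    $data['xssData'] = $this->security->xss_clean($data['nonxssData']);
    $this->load->view('contactForm/index', $data);
  }
}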
?>

Create index.php in the application/view/contactform folder:

    <?php
  // Contact form view. After a POST, Contactus::submitAction() passes $nonxssData
  // (raw input) and $xssData (the same fields after xss_clean()); on a plain GET
  // from Contactus::index() neither variable is set and only the form is rendered.
  $this->load->view('templates/header');
  ?>
  <header class="page-header">
      <h1 class="entry-title">Codeigniter: cross-site scripting Demo</h1>
  </header> 
    <?php
    // The comparison is shown only after a submit: 'check_xss_clean' is the
    // name/value of the submit button at the bottom of the form.
    if(!empty($this->input->post('check_xss_clean'))) { ?>
    <div class="row">
      <div class="col-lg-6 col-md-6 col-sm-6">
        <h3>Result: with xss_clean CodeIgniter</h3>
        <label>First Name: </label> <?php /* NOTE(review): xss_clean() is an input filter, not output encoding; outside this demo these echoes should be wrapped in html_escape() */ echo $xssData['first_name']; ?>
        <label>Last Name: </label> <?php echo $xssData['last_name']; ?>
        <label>Email: </label> <?php echo $xssData['email']; ?>
        <label>Message: </label> <?php echo $xssData['message']; ?>
      </div>
      <div class="col-lg-6 col-md-6 col-sm-6">
        <h3>Result: without xss_clean CodeIgniter</h3>            
        <label>First Name: </label> <?php /* Deliberately unfiltered and unescaped so the demo can show the raw submission next to the filtered one */ echo $nonxssData['first_name']; ?>
        <label>Last Name: </label> <?php echo $nonxssData['last_name']; ?>
        <label>Email: </label> <?php echo $nonxssData['email']; ?>
        <label>Message: </label> <?php echo $nonxssData['message']; ?>
      </div>
    </div>
    <?php } ?>    
    <?php   
    // Posts back to Contactus::submitAction(); PHP method names are case-insensitive,
    // so the lowercase route segment reaches it. With CSRF protection enabled in the
    // CodeIgniter config, form_open() also emits the CSRF token field.
    echo form_open('contactus/submitaction');
    ?>
    <div class="row">
      <div class="col-lg-12 col-md-12 col-sm-12">
        <div class="form-group">                
          <?php             
            echo form_label('First Name', 'first-name');           
            // $data is a view-local array of form_input() attributes; it is
            // rebuilt for each field below.
            $data = array(
            'name' => 'first_name',
            'id' => 'first-name',
            'class' => 'form-control',
            'placeholder' => 'Enter first name',
            'required' => 'required'
            );
            echo form_input($data);
          ?>
        </div>
      </div>
      <div class="col-lg-12 col-md-12 col-sm-12">
        <div class="form-group">                
          <?php 
            echo form_label('Last Name', 'last-name');
            $data = array(
            'name' => 'last_name',
            'id' => 'last-name',
            'class' => 'form-control',
            'placeholder' => 'Enter last name',
            'required' => 'required'  );
            echo form_input($data);
          ?>
        </div>
      </div>
      <div class="col-lg-12 col-md-12 col-sm-12">
        <div class="form-group">
          <?php 
              echo form_label('Email', 'email');
            $data = array(
            'name' => 'email',
            'id' => 'email',
            'class' => 'form-control',
            'placeholder' => 'Enter email',
            'required' => 'required'
            );
            echo form_input($data);
          ?>
        </div>
      </div>
      <div class="col-lg-12 col-md-12 col-sm-12">
        <div class="form-group">
          <?php 
            echo form_label('Message', 'message');
            // Rendered as a single-line text input, matching the other fields.
            $data = array(
            'name' => 'message',
            'id' => 'message',
            'class' => 'form-control',
            'placeholder' => 'Enter message',
            'required' => 'required' );
            echo form_input($data);
          ?>
        </div>
      </div>
    </div>
    <div class="row">
      <div class="col-lg-12 col-md-12 col-sm-12 text-right">
        <button type="submit" name="check_xss_clean" value="check_xss_clean" class="btn btn-primary">Submit</button>
      </div>
    </div>
    <?php
      //close form
      echo form_close(); 
    ?>
  <footer class="entry-meta">
    <span class="edit-link">
      <a class="btn btn-primary btn-sm" href="http://techarise.com/codeigniter-xss-clean/"><i class="fa fa-mail-reply"></i> Back To Tutorial</a>
    </span> 
  </footer>
  <?php
  $this->load->view('templates/footer');  ?>

Output:




