doc: xss_clean() method is in Security, not Input #2075

Merged
merged 2 commits into from Jan 3, 2013

Contributor

sourcejedi commented Dec 16, 2012

The Input doc does talk about xss filtering, but they refer you to Security for details, which is where the function is actually defined. It gives more detail about what the function is supposed to do, and avoids some irrelevance.

It's probably not a big deal; it just looks wrong. It might have been responsible for confusion[1] sometimes.

[1] http://stackoverflow.com/questions/13570522/this-input-xss-cleandata-giving-fatal-error-with-codeigniter

@sourcejedi sourcejedi doc: xss_clean() method is in Security, not Input
The Input doc does talk about xss filtering, but they refer you to Security for details, which is where the function is actually defined.  It gives more detail about what the function is supposed to do, and avoids some irrelevance.

It's probably not a big deal; it just looks wrong.  It _might_ have been responsible for [confusion](http://stackoverflow.com/questions/13570522/this-input-xss-cleandata-giving-fatal-error-with-codeigniter) sometimes.
802f33d

@narfbg narfbg commented on an outdated diff Dec 17, 2012

user_guide_src/source/libraries/form_validation.rst
@@ -914,7 +914,7 @@ to use:
==================== ========= ===================================================================================================
Name Parameter Description
==================== ========= ===================================================================================================
@narfbg

narfbg Dec 17, 2012

Contributor

These "border lines" need to have a length higher or equal to the longest line in the table that would be generated, so you'll have to update them as well. Also, it would be nice if there was no empty line at EOF. :)

Otherwise, thanks - good catch!

Contributor

narfbg commented Dec 19, 2012

Hey @sourcejedi, would you update this one with my suggested changes so I can merge it? :)

Contributor

sourcejedi commented Dec 19, 2012

Thanks for reviewing it. Sorry for not replying.

I want to work out a more concrete proposal for htmlpurify. It could make this a bit pointless. Effectively I'd like to consider this a bug report instead of a pull request for now :). If that doesn't make sense, you could close this PR.

Contributor

narfbg commented Dec 19, 2012

Given the level of complexity that any alternative to xss_clean() would have, it might take a while to get reviewed and/or merged in - I'm sure you understand why. This is relevant at the moment, so it does make sense to be applied now. :)

@sourcejedi sourcejedi doc: fix table markup in previous commit
"These "border lines" need to have a length higher or equal to the
longest line in the table that would be generated, so you'll have
to update them as well." - narfbg
93fa7e1
Contributor

sourcejedi commented Jan 3, 2013

Thanks again for the suggestions. I've fixed the header/footer lengths.

The "empty line" was generated automatically by the GitHub text editor. It's the preferred format for Unix tools including Git, and "diff". Even just using "cat " to print a file to the terminal assumes it's there.

Is there some other tool you're using, that it causes bigger problems for?

narfbg merged commit 594bfd7 into bcit-ci:develop Jan 3, 2013

1 check failed

default The Travis build failed
Contributor

narfbg commented Jan 3, 2013

No, it's just a convention of a kind.
