codeigniter4 · kenjis · Dec 20, 2021 · Dec 16, 2021 · Dec 16, 2021 · Dec 19, 2021
diff --git a/user_guide_src/source/incoming/filters.rst b/user_guide_src/source/incoming/filters.rst
@@ -200,10 +200,18 @@ In this example, the array ``['dual', 'noreturn']`` will be passed in ``$argumen
 Provided Filters
 ****************
 
-The filters bundled with CodeIgniter4 are: ``Honeypot``, ``CSRF``, ``InvalidChars``, ``SecureHeaders``, and ``DebugToolbar``.
+The filters bundled with CodeIgniter4 are: :doc:`Honeypot <../libraries/honeypot>`, :ref:`CSRF <cross-site-request-forgery>`, ``InvalidChars``, ``SecureHeaders``, and :ref:`DebugToolbar <the-debug-toolbar>`.
 
 .. note:: The filters are executed in the order defined in the config file. However, if enabled, ``DebugToolbar`` is always executed last because it should be able to capture everything that happens in the other filters.
 
+InvalidChars
+=============
+
+This filter prohibits user input data (``$_GET``, ``$_POST``, ``$_COOKIE``, ``php://input``) from containing the following characters:
+
+- invalid UTF-8 characters
+- control characters except line break and tab code
+
 SecureHeaders
 =============
 

diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst
@@ -19,6 +19,8 @@ If you find a case where you do need direct access though, you may load it throu
 
     $security = \Config\Services::security();
 
+.. _cross-site-request-forgery:
+
 *********************************
 Cross-site request forgery (CSRF)
 *********************************