For XSS filtering see the rigXssClean() function in system/libraries/Input.irev.
Unfortunately revIgniter's implementation for escaping database queries cannot be associated with only one handler you could copy and paste. This subject is a bit more complex, so please bear with me when I point you to entire libraries like system/database/DBactiveRec.irev, system/database/DBdriver.irev and system/database/drivers/mysql/mysqlDriver.irev.

Cheers

Ralf

On 18.09.2010, at 19:38, Web Admin Himalayan Academy wrote:

> On 9/18/10 3:08 AM, Ralf Bitter wrote:
>> just to clarify:
>> active record database queries are escaped automatically by revIgniter,
>> not by the server engine. Obviously the revIgniter user guide is
>> capable of being misunderstood here. I will change that.
>>
>> Regarding XSS attacks:
>> revIgniter comes with a Cross Site Scripting Hack prevention filter
>> which can either run automatically to filter all POST and COOKIE data
>> that is encountered, or you can run it on a per item basis.
>>
>> Cheers
>>
>> Ralf
>
> where in the framework can I find that code, i.e. library files... for now I
> need to use it outside the revIgniter framework (see other memo on that
> issue.)
>
> Thanks!
>
> Skts
