Codeigniter removes HTML entities

Question

I have a form in codeigniter to save some html content to the database. Example this HTML:

<div style="width:400px">
  <div style="background-color:yellow">
    Header
  </div>
</div>

When i save it i get the html tags broken. Even if i "print_r" the $_POST on submitting the form i see the html tags broken. Here is what i get:

<div 
  <div 
    Header
  </div>
</div>

But the same form without codeigniter (simple code) works normal and shows proper html.

Is this normal in CI? How can this be solved?

I don't see any problem with that, unless we are missing some processes here. Care to provide a lot 'more' detail? — Leandro Garcia, Apr 25 '12 at 02:31

score 5 · Accepted Answer · edited May 23 '17 at 10:29

5

It is a XSS filtering problem. On your CI installation, you have set the global_xss_filtering flag to true, therefore it cleanses all the input data before you can use it. here, the problem is described and solved before:

Codeigniter - Disable XSS filtering on a post basis

and here it is described in the "Security Filtering" section:

http://codeigniter.com/user_guide/libraries/input.html

edited May 23 '17 at 10:29

Community

1
1

answered Apr 25 '12 at 02:32

Taha Paksu

15,371
2
44
78

score 0 · Answer 2 · answered Aug 22 '12 at 12:21

0

Try to put "/" at style closing :

<div style="width:400px;">
    <div style="background-color:yellow;">
       Header
    </div>
</div>

answered Aug 22 '12 at 12:21

GautamD31

28,552
10
64
85

Codeigniter removes HTML entities

2 Answers2