I am not sure whether this is a desired result, but when I have input in the following form

<script whatever text strings follow >

retrieving the following

will return an empty string but it passes the validation rule ‘required’. I tested the following string

<script some valid search strings
<script asdfjasdklfjasdklfj als>

to search in this forum and I get error for search terms that are too short

what if you add xss in front of the required rule in your validation. The xss in the input->post is a pre validation action that is why the required rule is valid but you get an empty string.

xwero - 06 June 2008 01:28 AM

what if you add xss in front of the required rule in your validation. The xss in the input->post is a pre validation action that is why the required rule is valid but you get an empty string.

thanks for the information, so this means input->post(’...’, TRUE) does the xss filtering after going though the defined rules?

Yes if you want it before the validation you can add the xss ‘rule’ as i suggested or set the the global xss filtering to true