What is the best method to strip htnl tags from the input?
How can i remove the HTML tags while validating the input
$this->form_validation->set_rules('description', 'Description', 'trim|xss_clean');
Do I need to add custom call back method to validation rules?
Do I need to add custom call back method to validation rules?
I think yes, you can also do something like:
$stripped = strip_tags($content);
According to this, you can add strip_tags directly to set_rules():
Any native PHP function that accepts one parameter can be used as a rule, like htmlspecialchars, trim, MD5, etc.
So it would probably look like this:
$this->form_validation->set_rules('description', 'Description',
'trim|xss_clean|strip_tags');
Blanket filtering over application input is totally bogus. It will mangle potentially-valid input and will not reliably protect from XSS. The only way to be safe from XSS is to correctly escape every text string you interpolate into HTML at the output stage, eg. using htmlspecialchars.
CodeIgniter's xss_clean does a quite amazingly blunt and silly set of string mangling even by the very very low standards of “XSS Protection” tools; you should not use it under any circumstances.