ExpressionEngine Docs

Security Helper

The Security Helper file contains security-related functions. This helper is loaded using the following code:

ee()->load->helper('security');

Available Functions

xss_clean($str[, $is_image = FALSE])

Parameter Type Description
$str String Input data
$is_image Bool Whether we’re dealing with an image
Returns String XSS-clean string

Provides Cross-Site Scripting (XSS) filtering.

This function is an alias for Security::xss_clean().

sanitize_filename($filename)

Parameter Type Description
$filename String Filename
Returns String Sanitized file name

Provides protection against directory traversal.

This function is an alias for Security::sanitize_filename().

strip_image_tags($str)

Parameter Type Description
$str String Input string
Returns String The input string with no image tags

This is a security function that will strip image tags from a string. It leaves the image URL as plain text.

Example:

$string = strip_image_tags($string);

encode_php_tags($str)

Parameter Type Description
$str String Input string
Returns String Safely formatted string

This is a security function that converts PHP tags to entities.

Note: xss_clean() does this automatically if you use it, so you only need to call encode_php_tags() on its own when a string is not being passed through xss_clean().

Example:

$string = encode_php_tags($string);
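The following is an added example, not code from the ExpressionEngine docs, showing how the helper functions above combine when an add-on accepts an uploaded filename and a caption. It assumes the Security Helper is already loaded; prepare_upload(), the sample inputs and the $base_dir path are illustrative.

```php
<?php
// Added example (not part of the ExpressionEngine docs). Assumes the helper
// has been loaded with: ee()->load->helper('security');

// prepare_upload() is a hypothetical add-on function: it returns the
// destination path and a cleaned caption, or FALSE if the input is rejected.
function prepare_upload($original_name, $caption, $base_dir)
{
    // 1. Filename: sanitize_filename() removes directory-traversal sequences.
    $name = sanitize_filename($original_name);

    // 2. Defence in depth: the sanitized name must be a bare filename, so the
    //    directory it resolves into must be exactly $base_dir. Anything else
    //    (empty name, unknown base directory, surviving path component) is refused.
    $target    = rtrim($base_dir, '/') . '/' . $name;
    $real_base = realpath($base_dir);
    $real_dir  = realpath(dirname($target));
    if ($name === '' || $real_base === FALSE || $real_dir !== $real_base) {
        return FALSE;
    }

    // 3. Caption: strip <img> tags (the URL survives as plain text), then run
    //    the full XSS filter, which also entity-encodes any PHP tags.
    $clean_caption = xss_clean(strip_image_tags($caption));

    return array('path' => $target, 'caption' => $clean_caption);
}

// Constructed input: a traversal attempt in the filename and an image tag in
// the caption. The base directory is a placeholder for a real upload folder.
$result = prepare_upload(
    '../../config.php',
    'Our logo: <img src="http://example.com/logo.png">',
    '/var/www/uploads'
);

if ($result === FALSE) {
    // Reject the upload; log the rejected name for later review.
    error_log('Upload rejected after sanitizing filename');
} else {
    // $result['path'] stays inside /var/www/uploads and the caption is
    // free of <img> tags and XSS vectors.
    move_uploaded_file($_FILES['userfile']['tmp_name'], $result['path']);
}
```

The realpath() check is the practitioner's safety net: it catches a filename that slips past sanitize_filename() with a path component intact, rather than trusting a single filter.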