ExpressionEngine® User Guide

Legacy Documentation

You are using the documentation for version 4.3.8. Go here for the latest version.

Security Helper

The Security Helper file contains security related functions. This helper is loaded using the following code:

ee()->load->helper('security');

Available Functions

xss_clean($str[, $is_image = FALSE])
Parameters:
  • $str (string) – Input data
  • $is_image (bool) – Whether we’re dealing with an image
Returns:

XSS-clean string

Return type:

string

Provides Cross Site Script Hack filtering.

This function is an alias for Security::xss_clean().

sanitize_filename($filename)
Parameters:
  • $filename (string) – Filename
Returns:

Sanitized file name

Return type:

string

Provides protection against directory traversal.

This function is an alias for Security::sanitize_filename().

strip_image_tags($str)
Parameters:
  • $str (string) – Input string
Returns:

The input string with no image tags

Return type:

string

This is a security function that will strip image tags from a string. It leaves the image URL as plain text.

Example:

$string = strip_image_tags($string);
encode_php_tags($str)
Parameters:
  • $str (string) – Input string
Returns:

Safely formatted string

Return type:

string

This is a security function that converts PHP tags to entities.

Note

xss_clean() does this automatically, if you use it.

Example:

$string = encode_php_tags($string);