Need Help Soft Rejected My Item

Hi there,

I have got a soft rejection for My CodeIgniter item.

Reason:

  1. Data Validation issues have been found. Do a global search for “echo $”. All dynamic data must be correctly escaped for the context where it is rendered.

  2. No inline scripts or styles: https://envato.d.pr/poKuh3

  3. Use .on() rather than .click(), .bind(), .hover(), .submit() etc… https://envato.d.pr/ewmLyj

  4. All JavaScript should be written with “use strict” mode on. For example, you can do this with jQuery as follows: (function($) { “use strict”; // Author code here })(jQuery);

Any One Please Help Me…

Hi!

My tips:

  1. You can learn more about those technologies!
  2. Ask Envato’s staff for more help
  3. Check the tutorials

Hi

soft rejecetion issues has mentioned more clearly by the reviewer.

  1. you should escaped all data. Please search google for more details how to escaped

  2. you should transfer all insline css into the css file

  3. you should PROPER EVENT BINDING for example:
    .click(function(){
    should replace with:
    .on(‘click’, ‘’, function(event){

  4. in your js file you should add:
    “use strict”;
    just after:
    (function ($) {

Thanks

Dear sir thanks for your reply.

Help me by answering some of my questions

  1. For “CodeIgniter”
    $config[‘global_xss_filtering’] = TRUE;
    Or
    $xss_clean = $this->security->xss_clean($this->input->post());
    not enough for escaped data?

  2. Already transferred all inline css into the css file, but some time i am use like that
    <div style=“margin-left: 10px;”> Is this an issue ?

Please help me.

  1. you can check:
    https://forum.codeigniter.com/thread-61202.html

  2. yes issue and should to transfer all insline css into the css file using a class there

1 Like

One more thing.

In PHP file needs to use “use strict” mode?
Example:

<script type='text/javascript'>
“use strict”;
$(document).ready(function () {});
</script>

Please answer me…

no, in js file.

Thanks sir,
My last question:
For data escaped each

“echo $name” replace “echo htmlentities($name)”.
Or
$data = array(‘some_value’ => $this->input->post(‘some_value’, TRUE);
$this->db->insert($this->db->table, $data);

Which would be the right solution?

Escape the data before submitting it into your database or outputting it to a browser.

Never insert information into your database without escaping it.
https://codeigniter.com/user_guide/database/queries.html

https://codeigniter.com/user_guide/general/common_functions.html?highlight=html_escape#html_escape

I am surprised why you don’t study on google searching to check codeigniter Escape data.