I want to know when and where it is best to put an XSS filter, based on your experience.
I didn’t know about XSS attacks when I read about this CI filter. I have read several articles and forums about XSS attacks, but not how to apply a filter to prevent them, or at least where and when to put a filter.
I see that the XSS filter that CI includes takes an amount of processing. So, as a second question: if I have a good server (supposing I have a Core 2 Duo with 1GB RAM), is it a good idea to activate the XSS filter to process all POST data (or other input data)?
I’m developing a large site that will be visited by many people, and I intend to use the XSS filter at least for the administration control of the site, if the XSS filter is very necessary and is a good practice. I don’t want to overuse this filter, in order to protect the server. That’s why I’m raising this topic.
I hope that you can help me with your experience.
I didn't find the right solution on the Internet.