What is the Security class in CodeIgniter 4?
Answer
The Security class in CodeIgniter 4 handles various security features. Get it: $security = service("security"). CSRF: generates and validates CSRF tokens for form protection (csrf_token(), csrf_hash(), csrf_field() helpers). XSS filtering: $security->sanitizeFilename($filename) cleans filenames for safe use. Input sanitization: use $request->getVar("field", FILTER_SANITIZE_STRING) or PHP's filter functions. The esc($value, "html") function (or its alias h()) escapes output for HTML — use it in views instead of xss_clean(). Configure CSRF options in app/Config/Security.php: token name, cookie settings, regeneration policy, and which routes to exclude. Always escape output at display time rather than sanitizing at input time.
Previous
What is the difference between CodeIgniter 3 and CodeIgniter 4?
Next
What are Migrations in CodeIgniter 4?