I'm in the process of developing a basic WYSIWYG for my site and I've used this line to turn XSS filtering off
$this->input->post(NULL, FALSE);
I have also tried
$this->input->post();
as I understand it, this should give me all postdata and not filter it, however, it appears to still be removing my <script> tags. Disregarding security concerns for now (I'll handle those still) how can I guarantee that my scripts are not removed without disabling XSS for my entire site?
P.S. I have also verified that $config['global_xss_filtering'] is set to false.
Per the CI documentation, if you're looking to pull the whole post array without XSS, you should replace $this->input->post(NULL, FALSE); with $this->input->post();