what is XSS filtering in Codeigniter
XSS (Cross-site Scripting Hacks) filtering.
CodeIgniter comes with a Cross Site Scripting Hack prevention filter which can either run automatically to filter all POST and COOKIE data that is encountered, or you can run it on a per item basis. By default it does not run globally since it requires a bit of processing overhead, and since you may not need it in all cases.
XSS Protection functionality is turned off by default. To turn on this functionality, you simply either set the global configuration (i.e. system/application/config/config.php)…
$config[‘global_xss_filtering’] = TRUE;
…or, you can do it manually within your controller(s) like so…
$myvar = $this->input->xss_clean($data);