[eluser]rana[/eluser]
You may extend the existing xss filters and modify in such a way so that it accepts the style attribute.
[quote author="Salvador P." date="1360574152"]Thanks for your replies Aken and freeman204!
Tried with $_POST and same result if the XSS_Filtering is enabled.
Now I have tried with XSS_filtering disabled, and cleared all caches, and there they are!! We've got back the style tags!
So XSS_filtering is getting rid of the style tags... but we need the XSS_filtering enabled.
Searching for a solution got this:
We can use $this->input->post('some_name', TRUE); to enable XSS_filtering in each field of the form, with the global xss filtering disabled.
After some tests:
With config.php $config['global_xss_filtering'] = TRUE;
Code:
$this->input->post('some_name');
$this->input->post('some_name', FALSE);
Throw the same result, style tags gone.
With config.php $config['global_xss_filtering'] = FALSE;
Code:
$this->input->post('some_name', TRUE); // Wrong result
$this->input->post('some_name'); //Good result
Got the right result, with global xss filtering false.
----
We need the $config['global_xss_filtering'] = TRUE; for security reasons.
There is a way we can disable global_xss_filtering only for that controller? So we can get the correct input from the textarea, and keep the xss filtering in all the application.
Thanks!
[/quote]