[eluser]HdotNET[/eluser]
k... looked further.
the xmlrpc class is cleaning the output using the CI input->xss_clean() method.
it happens within the xmlrpc->decode()
(called by send_request within the xmlrpc_client controller)
commenting a couple of lines solves the the script tag removing problem.
why is the data being xss cleaned here?
Code:
function decode($array=FALSE)
{
$CI =& get_instance();
if ($array !== FALSE && is_array($array))
{
while (list($key) = each($array))
{
if (is_array($array[$key]))
{
$array[$key] = $this->decode($array[$key]);
}
else
{
//HDOTNET
//$array[$key] = $CI->input->xss_clean($array[$key]);
}
}
$result = $array;
}
else
{
$result = $this->xmlrpc_decoder($this->val);
if (is_array($result))
{
$result = $this->decode($result);
}
else
{
//HDOTNET
//$result = $CI->input->xss_clean($result);
}
}
return $result;
}