[eluser]Dandy_andy[/eluser]
I had a problem with global XSS filtering but have come up with a solution. Might not be the best way to do things, but it works. The way I get round disabling the global XSS filter for a POST request is to do the following:-
I use the following code where the XSS filter needs to be disabled (for example to allow scripts and code to be added to the database)
Code:
$input = html_entity_decode($input);
which essentially converts all the characters back again. This seems to work and has enabled me to allow scripts and code to be added to the database without turning off the global XSS filtering (as I have a lot of inputs elsewhere that need it).