[eluser]boltsabre[/eluser]
Yeah, your post variables (however you access them either by native PHP code or CI code) have been cleansed.
Although for best practices you should heavily validate input anyway (ie, if you only want an int, make sure the form throws a validation error if user does not enter an int!) Cleanse cleanse cleanse!!! XSS filters are notorious for failing as malicious users develop more complicated ways of exploiting them - no filter is 100% safe now (and more importantly in the future), and that is why you should validate your forms to as close as to what you desire your input to be.
I have a website with a custom filter that I use a lot, and that's to fail validation if there is a scripting < tag or the html entity code value in there anywhere both opening and closing tags) (I don't need html mark up by users in that website, and this also has the added benefit that 'spam bots/people' are less likely to leave stupid comments with backlinks to their own websites as they cannot wrap it in anchor tags!!!)