Bug in xss filtering?
#1

[eluser]Unknown[/eluser]
Hi
I am integrating a wysiwyg editor in CI and I've come across something odd.

The editor (jquery redactor) has a feature to resize images, so when I submit the content of the editor, it sends something like this


Code:
<p></p><p></p><p><p><img src="http://localhost:8888/croatia2/uploaded/hang4.jpg">/p></p><p></p><p></p>


but when I get the value with $data=$this->input->post(); the html is broken, losing the style like this

Code:
<p></p><p></p><p><p><img src="http://localhost:8888/croatia2/uploaded/hang4.jpg"></p></p><p></p><p></p>
It turns out that I had global_xss_filtering enabled in the config file, and I have found that if I disable that, the html keeps the style.
I don't know if this should be reported as a bug or if I am missing something
#2

[eluser]Unknown[/eluser]
well, f***

It seems that the forum is filtering my html input as well.

basically the problem is that initially in the posted img tag there is an attribute style like this one

Code:
style="cursor: nw-resize; width: 226.41237113402062px; height: 158px; "

and after getting it with $data=$this->input->post();

it is replaced with

Code:
nw-resize; width: 226.41237113402062px; height: 158px; "

leaving the style attribute broken
#3

[eluser]Aken[/eluser]
The style attribute is an "evil" attribute, and is supposed to be removed by xss_clean. Typically, the entire tag should be removed. The fact that the content is being kept may be a bug - I'm not sure, I haven't done any testing. Are you using the latest version of CI? Particularly 2.1.2 (version before current) had updates to xss_clean.

Either way, the altering of the style tag is intentional with xss_clean.
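As an added example (not CodeIgniter's own xss_clean code), this is the whole-attribute removal Aken describes, done with PHP's DOM extension instead of a regex so that no fragment of the attribute value is left behind in the markup, which is the breakage seen in post #2. The attribute list (style, xmlns, formaction and on* handlers) and the sample input are this example's own assumptions, with the input constructed from the thread's img tag.

```php
<?php
// Remove attributes a filter treats as "evil" by deleting the attribute node
// itself, so its value can never survive as loose text inside the tag.
function strip_evil_attributes(string $html): string
{
    $evil = ['style', 'xmlns', 'formaction'];   // assumed list, plus on* below
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);           // tolerate editor-generated markup
    // Wrap the fragment so it round-trips without <html>/<body> leaking out.
    $doc->loadHTML('<?xml encoding="UTF-8"><div id="__wrap">' . $html . '</div>');
    libxml_clear_errors();
    $xpath = new DOMXPath($doc);
    foreach ($xpath->query('//@*') as $attr) {
        $name = strtolower($attr->nodeName);
        if (in_array($name, $evil, true) || strncmp($name, 'on', 2) === 0) {
            $attr->ownerElement->removeAttributeNode($attr); // whole attribute
        }
    }
    $wrap = $xpath->query('//div[@id="__wrap"]')->item(0);
    $out = '';
    foreach ($wrap->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed input mirroring the thread: the editor's resized image tag.
$posted = '<p><img src="http://localhost:8888/croatia2/uploaded/hang4.jpg" '
        . 'style="cursor: nw-resize; width: 226.41237113402062px; height: 158px; "></p>';
$clean = strip_evil_attributes($posted);
echo $clean, PHP_EOL;

// Check for the failure mode reported in the thread: a dangling piece of the
// style value (or a half-removed style= attribute) left in the output.
if (strpos($clean, 'nw-resize') !== false || strpos($clean, 'style=') !== false) {
    throw new RuntimeException('style attribute was only partially removed');
}
```

The output keeps the src attribute and drops the style attribute completely; the check at the end fails only if a fragment like the one in post #2 survives.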
