xss filtering

[eluser]sampada[/eluser]
Hi,
I need to use xss filtering for the authentication part.
I made following changes:

In config.php:
$config['global_xss_filtering'] = TRUE;

and in auth.php
$this->rapyd->load('dataform');
$form->username->rule = "trim|required|min_length[5]|max_length[20]|xss_clean|encode_php_tags";

But I get no errors (I mean fatal errors)

If I put <? echo "test"; ?> in username, it shows only: The Username field can not exceed 20 characters in length. error.
I am confused whether xss_filtering has actually worked.

Thanks