Avoid XSS with BBCode input and HTML output
CodeIgniter's validation has an xss property which will do all that stuff:
$this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[5]|max_length[12]|xss_clean');
Check out CodeIgniter's form validation:
http://ellislab.com/codeigniter/user-guide/libraries/form_validation.html
I "find and replace" using PHP; I don't think it's the most efficient way of doing it, though.
<?php
$malicious = "<script>alert(1)</script>";
// Strip the angle brackets so no tag can be formed (case-insensitive replace)
$malicious = str_ireplace("<", "", $malicious);
$malicious = str_ireplace(">", "", $malicious);
echo $malicious;
?>
<?php
$malicious = "<script>alert(1)</script>";
// Remove HTML tags, then encode whatever is left (quotes included) as entities
$malicious = strip_tags($malicious);
$malicious = htmlentities($malicious, ENT_QUOTES);
echo $malicious;
?>
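For the actual case in the question (BBCode in, HTML out), stripping or blanket-encoding is not enough on its own, because the [url] tag has to end up inside an href attribute. The following is an added example, not code from any of the answers above: escape the whole input as text first, then convert only a small BBCode whitelist, and accept only http(s) URLs so that javascript: or data: links never reach the attribute. The tag set and the bbcodeToHtml function name are assumptions for the example.

```php
<?php
// Added example (not from the original question or answers): render a
// small BBCode whitelist to HTML without letting the user inject markup.
// Step 1 escapes everything as text; step 2 converts only known tags.

function bbcodeToHtml(string $input): string
{
    // 1. Treat the whole input as text: every <, >, ", ' and & becomes an entity.
    $html = htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // 2. Convert whitelisted BBCode. The captured bodies are already escaped.
    $html = preg_replace('#\[b\](.*?)\[/b\]#is', '<strong>$1</strong>', $html);
    $html = preg_replace('#\[i\](.*?)\[/i\]#is', '<em>$1</em>', $html);

    // 3. [url=...] needs extra care: only http(s) URLs may become an href,
    //    otherwise javascript: or data: schemes would reach the attribute.
    $html = preg_replace_callback(
        '#\[url=([^\]]+)\](.*?)\[/url\]#is',
        function (array $m): string {
            // Undo the entity encoding to inspect the raw URL, then re-escape it.
            $url = html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
            if (!preg_match('#^https?://#i', $url)) {
                return $m[2];               // drop the link, keep the link text
            }
            $safeUrl = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
            return '<a href="' . $safeUrl . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $html
    );
    return $html;
}

// Constructed sample inputs: a script tag, a javascript: link, a normal link.
$samples = [
    '[b]hello[/b] <script>alert(1)</script>',
    '[url=javascript:alert(1)]click[/url]',
    '[url=https://example.com/?a=1&b=2]site[/url]',
];
foreach ($samples as $s) {
    echo bbcodeToHtml($s), "\n";
}
```

The first sample renders as `<strong>hello</strong> &lt;script&gt;...`, the second loses its link and keeps only the text, and the third becomes a normal anchor with the ampersand encoded as `&amp;` inside the attribute.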