Sometimes user copy pastes complete HTML content having CSS styles and HTML elements inside a HTML editor(CKEditor or TinyMCE etc) but CodeIgniter by default filters the styles from the posted data.
This style filtering is done in method “_remove_evil_attributes” of file “applicationcoreCP_Security.php”.
One easy way to fix this issue is to set global_xss_filtering = false; in config.php but then it will not handle cross-site scripting attacks throughout the application.
So the best way to fix this issue is to prevent filtering of style for only those places in the application where needed.
To prevent filtering of styles by CodeIgniter, extend the class of CodeIgniter core file “CP_Security.php” and override its method “_remove_evil_attributes” to use your setting as per requirement.
Below line in method “_remove_evil_attributes” of file CP_Security.php filters the style.
So the above line can be modified as below by overriding method “_remove_evil_attributes”.
If you do not know how to extend CodeIgniter class and override its method, then follow “Extending Core Class” section in the below official link of CodeIgniter: