Global XSS protection is set to TRUE now, but the poison input will be displayed literally as [removed], so I need to know whether the input is poison or not; if it's poison I will drop it.
I can simply use the function strstr to do this: if there is [removed] in the string, then it is poison.
But wouldn't it be better if CodeIgniter provided this already?
Try this:
word_censor();
a text helper
Enables you to censor words within a text string. The first parameter will contain the original string. The second will contain an array of words which you disallow. The third (optional) parameter can contain a replacement value for the words. If not specified they are replaced with pound signs: ####. Example:
$disallowed = array('darn', 'shucks', 'golly', 'phooey');
$string = word_censor($string, $disallowed, 'Beep!');