From the codeigniter github :

从 codeigniter github ：

A largely unknown rule about XSS cleaning is that it should only be applied to output, as opposed to input data.

We've made that mistake ourselves with our automatic and global XSS cleaning feature (see previous step about XSS above), so now in an effort to discourage that practice, we're also removing 'xss_clean' from the officially supported list of form validation rules.

Because the Form Validation library generally validates input data, the 'xss_clean' rule simply doesn't belong in it.

If you really, really need to apply that rule, you should now also load the Security Helper, which contains xss_clean() as a regular function and therefore can be also used as a validation rule.

关于 XSS 清理的一个鲜为人知的规则是它应该只应用于输出，而不是输入数据。

我们自己在自动和全局 XSS 清理功能中犯了这个错误（请参阅上面关于 XSS 的上一步），所以现在为了阻止这种做法，我们还从官方支持的表单验证列表中删除了“xss_clean”规则。

因为表单验证库通常验证输入数据，'xss_clean' 规则根本不属于它。

如果您真的，真的需要应用该规则，您现在还应该加载 Security Helper，其中包含 xss_clean() 作为常规函数，因此也可以用作验证规则。

Link : https://github.com/bcit-ci/CodeIgniter/blob/develop/user_guide_src/source/installation/upgrade_300.rst#step-13-check-for-usage-of-the-xss_clean-form-validation-rule

链接：https: //github.com/bcit-ci/CodeIgniter/blob/develop/user_guide_src/source/installation/upgrade_300.rst#step-13-check-for-usage-of-the-xss_clean-form-validation-规则

And if, despite everything, you really need it, go to application/config/autoload.php :

如果，尽管如此，您确实需要它，请转到 application/config/autoload.php ：

$autoload['helper'] = array('security');

Or, before your form validation

或者，在您的表单验证之前

$this->load->helper('security');

xss_clean is no longer part of form validation.

xss_clean 不再是表单验证的一部分。

The alternative is not to use it, as xss_cleanis doing sanitization and not validation. xss_cleanis part of security helper. If you need to do it, after validation you do.

另一种方法是不使用它，因为xss_clean正在做清理而不是验证。 xss_clean是安全助手的一部分。如果您需要这样做，请在验证后进行。

 $this->load->helper('security'); `
 $value = $this->input->post('email',TRUE); //where TRUE enables the xss filtering

 $this->load->helper('security'); `
 $value = $this->input->post('email',TRUE); //where TRUE enables the xss filtering

Also, you can enable global xss filtering in the config.php file

此外，您可以在 config.php 文件中启用全局 xss 过滤

$config['global_xss_filtering'] = TRUE;

$config['global_xss_filtering'] = TRUE;

Others have alluded to it, but no one has said succinctly, the way to fix this error is to remove xxs_cleanfrom your validation rule. I just came across this issue myself, and thanks to the hints provided here, was able to fix the issue.

其他人已经提到它，但没有人简洁地说，解决这个错误的方法是xxs_clean从你的验证规则中删除。我自己刚刚遇到了这个问题，多亏了这里提供的提示，我才能够解决这个问题。

This:

这个：

 $this->form_validation->set_rules('email', 'Email', 'required|trim|xss_clean|valid_email');

Becomes this:

变成这样：

 $this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');

Please load securityHelper on autoload.php

请security在 autoload.php 上加载 Helper

$autoload['helper'] = array('security');

No need to do anything more.

无需再做任何事情。

You should use.

你应该使用。

$this->load->helper('security'); 

Also you can use the below code in config/autoload.php ,But I prefer use the above one. Since, it keeps the Codeigniter lite weight.

您也可以在 config/autoload.php 中使用以下代码，但我更喜欢使用上面的代码。因为，它保持了 Codeigniter lite 的重量。

$autoload['helper'] = array('security');

Global overriding the rule would be expanding it with custom message next way:

全局覆盖规则将在下一个方式中使用自定义消息扩展它：

$this->form_validation->set_rules('email', 'Email', 'required|trim|xss_clean|valid_email',
        array('xss_clean' => 'Error Message: your xss is not clean.')
);