When you add any CMS editor such as tinymce or ckeditor, you might have encountered an issue where you find that any external css style added for an element is wiped off (<span xss=removed>) by codeigniter before saving to database.
This happens due to external security in codeigniter core files that remove any risky code from POST variable.
To get this workaround open System > Core > Security.php and find $evil_attributes array and remove ‘style’ from array options.
// enter your allowed url such as ‘/admin/edit_user/3’
$allowed_path = array(‘/admin/edit_user/3’, ‘/admin/add_user’);
if(in_array($_SERVER[‘REQUEST_URI’],$allowed)){
static $evil_attributes = array(‘on\w+’, ‘xmlns’, ‘formaction’, ‘form’, ‘xlink:href’, ‘FSCommand’, ‘seekSegmentTime’);
} else {
static $evil_attributes = array(‘on\w+’, ‘xmlns’,’style’, ‘formaction’, ‘form’, ‘xlink:href’, ‘FSCommand’, ‘seekSegmentTime’);
}
JatinderSingh 