php - xss_clean(set_value('field_name')) or set_value('field_name') is safe enough?


As CodeIgniter 3's documentation says:

"A largely unknown rule is that XSS cleaning should only be applied to output, as opposed to input data."

Should I use xss_clean() before outputting the user's data, or will set_value() do it for me?

Yes, set_value() does apply XSS-sanitizing by default.

However, be careful when using other form helper functions, because, well, you don't want double-escaping. As explained in the manual, you can turn escaping off by passing (boolean) false as the third parameter to set_value().
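The double-escaping case from the answer, as an added example that is not part of the original post and is not CodeIgniter's own code. The `demo_*` functions are hypothetical stand-ins that only model the escaping behaviour (a `set_value()` that escapes unless its third argument is false, and a form helper assumed to escape its value itself); the submitted data is constructed.

```php
<?php
// Added example: simplified stand-ins, NOT CodeIgniter's source code.

// Stand-in for HTML escaping of output (hypothetical helper name).
function demo_html_escape(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Stand-in for set_value($field, $default, $html_escape):
// escapes by default, returns the raw value when the third flag is false.
function demo_set_value(array $post, string $field, string $default = '', bool $html_escape = true): string
{
    $value = $post[$field] ?? $default;
    return $html_escape ? demo_html_escape($value) : $value;
}

// Stand-in for a form helper that escapes the value it is given
// (assumption: this is what makes double-escaping possible).
function demo_form_input(string $name, string $value): string
{
    return sprintf(
        '<input type="text" name="%s" value="%s" />',
        demo_html_escape($name),
        demo_html_escape($value)
    );
}

// Constructed sample submission containing HTML metacharacters.
$post = ['nickname' => 'Tom & "Jerry" <b>'];

// 1. Hand-written markup: set_value's default escaping is the only layer,
//    so the value is encoded exactly once.
echo '<input type="text" name="nickname" value="'
    . demo_set_value($post, 'nickname') . '" />' . PHP_EOL;

// 2. Escaped value passed to a helper that escapes again:
//    the "&" of each entity is re-encoded, so the user sees entity text.
echo demo_form_input('nickname', demo_set_value($post, 'nickname')) . PHP_EOL;

// 3. Escaping turned off in set_value (third parameter false) and left
//    to the helper: encoded exactly once, same result as case 1.
echo demo_form_input('nickname', demo_set_value($post, 'nickname', '', false)) . PHP_EOL;
```

In case 3 the raw value must only ever reach a function that escapes it; echoing it directly would put unescaped user input into the page.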

