Its really easy to prevent XSS in Codeingitor. You just need to apply one simple method and the name is xss_clean().
How to use xss_clean()
In controller this helper is loaded using the following code:
<?php $this->load->helper('security'); ?>
Execute xss_clean() using security class.
<?php $data = $this->security->xss_clean($data); ?>
So when you are taking any user input apply this method to input then no malicious XSS data will stored in database or render.
$first_name = $this->security->xss_clean($this->input->post('first_name'));
Then you can save in db or push to view without fear.