Looks like there is a bug in the xss filter.
I’m receiving an email address from the login form via $this->input->post(’email’, TRUE) and if there is a dot character in email - it turns empty after xss filtering:( For example on Gmail users could have emails with dot as id do.
Is it really a bug or i misunderstand something again?

Could you post a stripped down controller with only the minimum of code you need to recreate this problem Base Willy?  Right now, I’m not able to confirm, and I’ve submitted “www.something.com” (with periods) tens of thousands of times, so I wonder if there is something else going on here. Thanks.