The CodeIgniter security class function, xss_clean(), attempts to clean input from the POST or COOKIE data to mitigate against techniques that can allow for the injection of code into a website. For example, it would seek to prevent JavaScript code from being executed if it is included in a blog post submitted by a user, or look at the data submitted in a text input field and escape disallowed characters.
You can apply this to any controller you're creating, or if you've extended using MY_Controller, you can add it to that if you wish. You can also autoload the security helper by adding it to $autoload['helper'] = array() in the /path/to/codeigniter/application/config/autoload.php file. To be explicitly clear, here we're loading the security helper in the constructor of the controller (that is, any controller you have):
function __construct() {
parent::__construct();
$this->load->helper('security');
}