
Conditional remove of XSS

Posted: Fri Feb 21, 2014 4:30 am
by digitalphotoworld

Please add an option (simple checkbox) to disable the removal of XSS in field setup. Sometimes it is necessary that fields contain code snippets. At the moment it is only possible to switch it on/off for the whole project.


Re: Conditional remove of XSS

Posted: Thu Mar 20, 2014 12:38 pm
by Webmaster

It is not recommended to disable removing XSS for security reasons. If you just want to allow some tags, you can use the Page_Load (for a table only) or Page_Loading (for all tables) server event (see Server Events and Client Scripts in the help file) to remove some items from the $EW_XSS_ARRAY, e.g. if you want to allow the "embed" and "object" tags:

global $EW_XSS_ARRAY;
$EW_XSS_ARRAY = array_diff($EW_XSS_ARRAY, array("<embed", "<object"));
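
Added example, not part of the thread or of the product's own code: array_diff() matches entries by exact string, so a mistyped entry is silently ignored and the filter stays unchanged. The helper name relax_xss_list and the sample list below are assumptions made for illustration; the sample list is constructed and is not the real contents of $EW_XSS_ARRAY.

```php
<?php
// Constructed sample list for illustration only; not the product's actual
// $EW_XSS_ARRAY contents.
$sampleXssArray = array("javascript", "<script", "<iframe", "<embed", "<object");

// Hypothetical helper: remove exactly the listed entries from the filter list
// and fail loudly on a typo, instead of letting array_diff() remove nothing.
function relax_xss_list(array $list, array $allow)
{
    // array_diff() compares string values exactly, so "embed" or "<EMBED"
    // does not match the entry "<embed".
    $missing = array_diff($allow, $list);
    if (count($missing) > 0) {
        throw new InvalidArgumentException(
            "Not in XSS list: " . implode(", ", $missing)
        );
    }
    // array_diff() preserves the original keys; reindex so the result is a
    // plain 0..n-1 list again.
    return array_values(array_diff($list, $allow));
}

// Intended use: only the two named entries are dropped, the rest stay filtered.
$relaxed = relax_xss_list($sampleXssArray, array("<embed", "<object"));
print_r($relaxed);

// A typo (missing "<") is reported rather than silently ignored.
try {
    relax_xss_list($sampleXssArray, array("embed"));
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

The relaxed list applies to every field handled while the event is in effect, which is why the choice between Page_Load (one table) and Page_Loading (all tables) determines how far the exception reaches.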