You can't prevent that input from the client side. You can add things to get in the way (or try), but it will always be trivial to submit malicious code. You NEED to sanitize in PHP.
ALWAYS ALWAYS ALWAYS escape user submitted content before displaying it (
htmlentities will usually take care of that for you).
If you want the ability to have HTML submitted (as you say you want WYSIWYG), then you'll need to white-list sanitize the HTML that was submitted. When I say white-list, I mean both tag name and attribute.
I'm not that familiar with CodeIgniter, but I did find this which looks like it may do what you want...