Handling HTML input securely is hard because malicious code (XSS) can take many different forms.
HTML Purifier is a well-documented, standards-compliant HTML filter library written in PHP. It simply:
- Removes all malicious code (better known as XSS) with an audited, secure yet permissive whitelist.
- Makes sure your documents are standards compliant.
HTML Purifier requires PHP 5 (PHP 4 versions are no longer supported but can still be downloaded). It saves a lot of development time and offers much more expertise than most self-coded data-handling libraries, because HTML Purifier concentrates only on this area.
This open source secure data handling solution also has a comparison chart with other HTML filters.
Some community-written plugins for CMS software and WYSIWYG editors can be found on the HTML Purifier website.
Requirements: PHP 5+
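
The whitelist filtering described above, shown on untrusted comment markup. This is an added example, not code from this page or from the HTML Purifier project. It assumes the library is installed through Composer as `ezyang/htmlpurifier`; the `buildCommentPurifier` helper, the allowed tags and schemes, and the sample input are constructed for illustration.

```php
<?php
// Added example, not the project's own code.
// Assumption: HTML Purifier was installed with Composer (ezyang/htmlpurifier).
require_once __DIR__ . '/vendor/autoload.php';

/**
 * Build a purifier with a narrow whitelist for user comments.
 * Hypothetical helper: the allowed elements and schemes are this example's choice.
 */
function buildCommentPurifier()
{
    $config = HTMLPurifier_Config::createDefault();
    // Only these elements and attributes are permitted in the output.
    $config->set('HTML.Allowed', 'p,br,b,i,em,strong,ul,ol,li,a[href]');
    // Links may only use http and https, which excludes javascript: URIs.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // Turn off the on-disk definition cache so no writable directory is needed.
    $config->set('Cache.DefinitionImpl', null);
    return new HTMLPurifier($config);
}

// Constructed sample input mixing benign markup with script-bearing markup.
$untrusted = <<<HTML
<p onclick="alert(1)">Hello <b>world</b>
<script>alert(document.cookie)</script>
<a href="javascript:alert(1)">click</a>
<a href="https://example.com/">docs</a>
<img src="x" onerror="alert(1)">
HTML;

$purifier = buildCommentPurifier();
$clean = $purifier->purify($untrusted);

// Store or render only the purified string, never the raw input.
echo $clean, PHP_EOL;
```

Purify at the point where untrusted HTML enters storage or is rendered, and build one purifier instance per configuration rather than one per call.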















