Allow user submitted HTML in PHP

Question

I want to allow a lot of user submitted html for user profiles, I currently try to filter out what I don\'t want but I am now wanting to change and use a whitelist approach.

Answer 1

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.