I'm coding a WYSIWYG editor with designMode="on" on an iframe. The editor works fine and I store the code as is in the database.
Before outputting the HTML I need
If you are familiar with ASP.NET, just perform a Server.htmlencode() to convert special characters like < > to "&gt;" "&lt;".
In PHP, you can use the htmlspecialchars() function.
Once the special characters are encoded, cross-site-scripting can be prevented.
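
The encoding step from the answer above, as an added example that is not part of the original thread. The helper name `encode_for_html`, the `check` function and the sample strings are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper; wraps the htmlspecialchars() call the answer mentions.
function encode_for_html(string $raw): string
{
    // ENT_QUOTES encodes both " and ' so the result is also safe inside a
    // quoted attribute value. ENT_SUBSTITUTE replaces invalid UTF-8 bytes
    // instead of making the function return an empty string.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Fails loudly if an expectation about the encoded output does not hold.
function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
}

// Constructed samples standing in for what the editor stored in the database.
$stored = '<p>Hello <b>world</b></p><script>alert(1)</script>';
$title  = 'It\'s "my" post';

$encoded = encode_for_html($stored);

// After encoding, nothing in the string can open or close a tag.
check(strpos($encoded, '<') === false, 'no < left');
check(strpos($encoded, '>') === false, 'no > left');

// Both quote styles are encoded, so the value cannot break out of title="...".
$attr = encode_for_html($title);
check(strpos($attr, '"') === false && strpos($attr, "'") === false, 'quotes encoded');

echo '<div class="post" title="' . $attr . "\">\n";
echo $encoded . "\n";   // the browser shows the tags as literal text, <b> is not bold
echo "</div>\n";

// Encode once, at output time: a second pass escapes the ampersands again.
check(encode_for_html($encoded) !== $encoded, 'second pass changes the string');

// Passing double_encode=false leaves entities that are already present alone.
$once = htmlspecialchars($encoded, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
check($once === $encoded, 'double_encode=false is idempotent here');
```

Because every tag is encoded, the editor's own formatting is displayed as text rather than rendered, which is the trade-off of applying this step to WYSIWYG output.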