best way to secure simple wysiwyg with php

走了就别回头了 2021-01-12 13:12

I have added a simple wysiwyg editor in my website. (it only allows B / I / U - no more)
I currently store all content as html in my database - but it's simple to add

2 answers
  •  天命终不由人
    2021-01-12 13:48

    Use strip_tags(). http://php.net/manual/en/function.strip-tags.php

    string strip_tags ( string $str [, string $allowable_tags ] )

    The second parameter is a list of allowable tags; just list '<b><i><u>' and the rest will be stripped.

    Do note that as deceze mentioned:

    This function does not modify any attributes on the tags that you allow using allowable_tags, including the style and onmouseover attributes that a mischievous user may abuse when posting text that will be shown to other users.

    So it doesn't offer full protection from malicious code by itself!
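
The attribute caveat from the answer above, shown as an added example that is not part of the original answer: `strip_tags()` alone keeps the attributes on the allowed tags, so a second pass rebuilds each allowed tag in bare form and escapes all remaining text. The helper name `clean_wysiwyg()`, the constant `ALLOWED_TAGS` and the sample input are assumptions made up for this illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper for an editor that emits only <b>, <i> and <u>.
const ALLOWED_TAGS = '<b><i><u>';

function clean_wysiwyg(string $html): string
{
    // Step 1: strip_tags() removes every element except b/i/u,
    // but leaves the attributes on those three tags untouched.
    $kept = strip_tags($html, ALLOWED_TAGS);

    // Step 2: split into tag-shaped pieces and text, then rebuild the output.
    $parts = preg_split('~(<[^>]*>)~', $kept, -1,
        PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY) ?: [];

    $out = '';
    foreach ($parts as $part) {
        if (preg_match('~^<(/?)([biu])\b[^>]*>$~i', $part, $m)) {
            // Allowed tag: re-emit it bare, which discards every attribute.
            $out .= '<' . $m[1] . strtolower($m[2]) . '>';
        } elseif (preg_match('~^<[^>]*>$~', $part)) {
            // Any other tag-shaped piece that survived step 1 is dropped.
            continue;
        } else {
            // Text: normalise existing entities, then escape for HTML output,
            // so a stray "<", ">" or quote can never become markup.
            $text = html_entity_decode($part, ENT_QUOTES | ENT_HTML5, 'UTF-8');
            $out .= htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
    }
    return $out;
}

// Constructed sample input: allowed tags carrying attributes, plus a script tag.
$input = '<b onmouseover="alert(1)">Hi</b> <script>x()</script>'
       . '<i style="position:fixed">there</i> 1 < 2';

// strip_tags() alone: the script element is gone, the attributes are not.
echo strip_tags($input, ALLOWED_TAGS), PHP_EOL;

// Both steps: only bare <b>/<i>/<u> tags and escaped text remain.
echo clean_wysiwyg($input), PHP_EOL;
```

Run the cleaner on the way out to the page as well as on the way into the database, so rows stored before the filter existed are covered too.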
