I’m thinking of adding a rich text editor to allow a non-programmer to change the aspect of text. However, one issue is that it’s possible to distort the layout of a rendered page if the markup is incorrect. What’s a good lightweight way to sanitize html?
Advertisement
Answer
You will have to decide between good and lightweight. The recommended choice is ‘HTMLPurifier’, because it provide no-fuss secure defaults. As faster alternative it is often advised to use ‘htmLawed‘.
See also this quite objective overview from the HTMLPurifier author: http://htmlpurifier.org/comparison