I'm using HTMLPurifier to check for XSS in an entire HTML document. The problem is that it appears to strip out anything that isn’t inside <body> tags. But I want to keep everything and just look out for serious XSS attacks.
Any ideas how to allow <HTML>, <HEAD>, <META>, etc.?