I need a filter function for a project I'm working on. I am thinking about using HTML Purifier. However, I am concerned about its performance.

Have any of you used, or are any of you using, HTML Purifier? Or do you suggest another library or class with similar functionality?

The most important issues are:

  • utf-8 support
  • xss security
+2  A: 

If you want to:

  • Make sure only the HTML tags and attributes that you specified are allowed
  • And make sure you get some valid HTML as output,

Then I would say that HTMLPurifier is the right tool for the job.

I've used it a couple of times -- and I have never heard of another tool that would do that kind of stuff well.


As a side note about performance: you are validating/filtering the HTML when it is typed by the user, of course?

I meant:

  • Some HTML is input by the user
  • You validate / filter / clean it with HTMLPurifier
  • And you store that clean HTML to the database

And you don't use HTMLPurifier each time some HTML data is output, do you? That would be awful for performance ^^


Oh, also: did you try activating some cache for HTMLPurifier?

See the Cache section, in the documentation.

Pascal MARTIN
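
The flow described in the answer above (purify once on input, store the clean HTML, enable the cache), as an added example that is not part of the original answer. It assumes HTML Purifier is installed through Composer and that `pdo_sqlite` is available; the `comments` table, the tag whitelist, the cache directory and the function names are hypothetical.

```php
<?php
// Added example, not code from the original answer.
// Assumes: composer require ezyang/htmlpurifier, and the pdo_sqlite extension.
require_once __DIR__ . '/vendor/autoload.php';

function build_purifier(string $cacheDir): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');                     // UTF-8 in and out
    $config->set('HTML.Allowed', 'p,br,b,i,ul,ol,li,a[href]');  // constructed whitelist
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    $config->set('Cache.SerializerPath', $cacheDir);            // must exist and be writable
    return new HTMLPurifier($config);
}

function save_comment(PDO $pdo, HTMLPurifier $purifier, string $rawHtml): int
{
    $clean = $purifier->purify($rawHtml);   // the expensive step, paid once per write
    $stmt = $pdo->prepare('INSERT INTO comments (body_html) VALUES (:body)');
    $stmt->execute([':body' => $clean]);
    return (int) $pdo->lastInsertId();
}

function render_comment(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body_html FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();   // already purified, so no purify() on read
}

$cacheDir = sys_get_temp_dir() . '/htmlpurifier-cache';
if (!is_dir($cacheDir)) {
    mkdir($cacheDir, 0700, true);
}
$purifier = build_purifier($cacheDir);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body_html TEXT NOT NULL)');

// Constructed sample input: disallowed attribute, script element,
// javascript: URI, an unclosed tag and a non-ASCII character.
$raw = '<p onclick="alert(1)">Héllo <script>alert(1)</script>'
     . '<a href="javascript:alert(1)">link</a> <b>bold</p>';
$id = save_comment($pdo, $purifier, $raw);
echo render_comment($pdo, $id), PHP_EOL;
```

Rows stored this way reflect the whitelist and library version in effect when they were written, so after tightening the configuration or upgrading HTML Purifier the existing rows need to be purified again.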