Is it safe if I just use htmlpurifier for some of my user-submitted data, so users can enter HTML code like on MySpace?
Here is some sample PHP code using htmlpurifier.
$purifier->purify($content);
Yes, it is pretty much safe, and that's what HTMLPurifier is handy at, amongst other things.
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.
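An added example, not part of the original question or answer: the one-line `purify()` call from the question, expanded into a purifier with an explicit allowlist for profile-style content. It assumes HTML Purifier is installed through Composer (`ezyang/htmlpurifier`); the function names, the element list and the sample submissions are constructed for illustration.

```php
<?php
// Added example. Assumes a Composer install of ezyang/htmlpurifier;
// the autoload path below is an assumption about the project layout.
require_once __DIR__ . '/vendor/autoload.php';

/**
 * Build a purifier restricted to a small allowlist (hypothetical helper).
 * The element list is an illustrative choice for user profile content.
 */
function buildProfilePurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Only these elements and attributes survive; everything else is removed.
    $config->set('HTML.Allowed', 'p,br,b,strong,i,em,ul,ol,li,blockquote,a[href|title],img[src|alt]');
    // Links and images may only use these URI schemes.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // Definition cache location; the directory must be writable by PHP.
    $config->set('Cache.SerializerPath', sys_get_temp_dir());
    return new HTMLPurifier($config);
}

/** Purify untrusted markup for output in an HTML body context (hypothetical helper). */
function purifyProfileHtml(HTMLPurifier $purifier, string $untrusted): string
{
    return $purifier->purify($untrusted);
}

// Constructed sample submissions: script element, event handler,
// javascript: URI, an element outside the allowlist, and unclosed tags.
$samples = [
    '<p>Hello <b>world</b></p><script>alert(1)</script>',
    '<img src="https://example.com/a.png" alt="pic" onerror="alert(1)">',
    '<a href="javascript:alert(1)" title="link">click</a>',
    '<iframe src="https://example.com/"></iframe><i>after frame</i>',
    '<p>unclosed <b>bold',
];

if (PHP_SAPI === 'cli') {
    $purifier = buildProfilePurifier(); // build once, reuse for every submission
    foreach ($samples as $raw) {
        // Print each input next to what would actually be stored or rendered.
        echo "IN : {$raw}\n";
        echo 'OUT: ' . purifyProfileHtml($purifier, $raw) . "\n\n";
    }
}
```

The purified string is meant to be echoed as HTML without further escaping; values that end up inside attributes, JavaScript or URLs still need the escaping for that context.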