HTML Purifier

In the world of HTML filtering in PHP, HTML Purifier appears to be the current top dog. WordPress long ago forked kses for HTML filtering, which is fine, but as John Godley (a co-worker at Automattic) put it:

There is nothing fundamentally wrong with the way WordPress and bbPress filters comments, and in fact there has been no security alert related to this. However, this doesn’t detract from the desire to make things better, and the fact that HTML Purifier is much more thorough and exhaustive.

He wrote the HTML Purified WordPress plugin, which “replaces the default WordPress comments filters with HTML Purifier”.

For new PHP projects, or ones that allow you to easily swap in/out libraries, it looks like HTML Purifier is the current best option for HTML filtering.
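
As an added example (not code from this post or from the plugin mentioned above), here is one way a new PHP project could filter user comments through HTML Purifier with an explicit allowlist. It assumes the library is installed via Composer as `ezyang/htmlpurifier`; the function name, the tag list and the sample comment are illustrative choices.

```php
<?php
// Added example. Assumption: HTML Purifier was installed with Composer
// (package ezyang/htmlpurifier), so the autoloader below exists.
require_once __DIR__ . '/vendor/autoload.php';

/**
 * Build a purifier with a small allowlist suited to user comments.
 * build_comment_purifier() is a hypothetical helper name; the tag list is
 * an illustrative policy, not one taken from the post.
 */
function build_comment_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // Allowlist: only these elements (and href on <a>) are kept.
    // Anything not listed, including event-handler attributes, is dropped.
    $config->set('HTML.Allowed', 'p,br,em,strong,blockquote,code,ul,ol,li,a[href]');

    // Links may only use these URI schemes; other schemes are rejected.
    $config->set('URI.AllowedSchemes', [
        'http'   => true,
        'https'  => true,
        'mailto' => true,
    ]);

    // Disable the on-disk definition cache so the example runs without a
    // writable cache directory. In production, leave caching enabled.
    $config->set('Cache.DefinitionImpl', null);

    return new HTMLPurifier($config);
}

// Constructed sample comment: mixes allowed markup with a script element,
// an inline event handler and a non-allowlisted link scheme.
$dirty = '<p onclick="track()">Nice post! '
       . '<a href="javascript:alert(1)">link</a>'
       . '<script>alert(1)</script> <strong>Thanks</strong>';

$purifier = build_comment_purifier();

// purify() parses the input and re-serializes only what the policy permits,
// also closing any tags the commenter left open.
$clean = $purifier->purify($dirty);

echo $clean, PHP_EOL;
```

Build the purifier once per request and reuse it, since constructing the configuration is the expensive part.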