HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and agressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.

HTML Purifier is oriented towards richly formatted documents from untrusted sources that require CSS and a full tag-set.  This library can be configured to accept a more restrictive set of tags, but it won't be as efficient as more bare-bones parsers. It will, however, do the job right, which may be more important.

What's New in This Release Version 4.2.0 HTML Purifier:
- Added %Core.RemoveProcessingInstructions, which lets you remove <? ... ?> statements.
- Added %URI.DisableResources functionality; the directive originally did nothing. 
- Add documentation about configuration directive types.
- Add %CSS.ForbiddenProperties configuration directive.
- Add %HTML.FlashAllowFullScreen to permit embedded Flash objects to utilize full-screen mode.
- Add optional support for the <code>file</code> URI scheme, enable by explicitly setting %URI.AllowedSchemes.
- Add %Core.NormalizeNewlines options to allow turning off newline normalization.
- Fix improper handling of Internet Explorer conditional comments by parser.
- Fix missing attributes bug when running on Mac Snow Leopard and APC.
- Warn if an element is allowed, but an attribute it requires is not allowed.