-1

I'm looking to sanitize third-party HTML to display on my website. HTML Purifier and Html sanitizer have been mentioned in other posts.

I am wondering what the differences between the two are, and which one I should use?

On their website, HTML Purifier gets compared with other tools, but not with Html sanitizer.

Thanks in advance!

Vic Seedoubleyew

1 Answer

0

I'll post the comments here so you can mark as answer in case it is useful to others.

Credit to @Jared Farrish:

HTML Purifier is a long-standing project to sanitize string data. Your link to "Html sanitizer" appears to be a file someone authored for a tutorial (I'm not going to sign up to view the file contents of sanitizer.class.php). You should use HTML Purifier or htmLawed in practice.

In addition, you should also use a Content Security Policy to prevent anything running that may break out of the sanitizer in future.

Also, you may find the following post useful: Escaping rich text editor output

Community
SilverlightFox
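
The two layers recommended in the answer above (HTML Purifier plus a Content Security Policy), shown together as an added example that is not part of the original answer or of the HTML Purifier project. It assumes HTML Purifier was installed with Composer (package `ezyang/htmlpurifier`); the allowlist, the CSP value, the `buildPurifier` helper and the sample input are constructed for illustration.

```php
<?php
// Added example: assumes HTML Purifier is installed via Composer
// (ezyang/htmlpurifier) and that this script renders the page itself.
require __DIR__ . '/vendor/autoload.php';

// Second layer: a restrictive CSP, so that markup which slips past the
// sanitizer cannot run inline script or load script from another origin.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");

// Hypothetical helper: builds a purifier with an explicit allowlist.
function buildPurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Allow only the elements and attributes the site needs (constructed policy).
    $config->set('HTML.Allowed', 'p,br,b,strong,i,em,ul,ol,li,blockquote,a[href]');
    // Links may use only these schemes; javascript: and data: URIs are dropped.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);
    // Disable the on-disk definition cache so no writable directory is needed.
    // In production, point Cache.SerializerPath at a writable directory instead.
    $config->set('Cache.DefinitionImpl', null);
    return new HTMLPurifier($config);
}

// Constructed sample of untrusted third-party HTML.
$thirdPartyHtml = <<<'HTML'
<p onclick="alert(1)">Hello <b>world</b></p>
<script>alert(document.cookie)</script>
<a href="javascript:alert(1)">bad link</a>
<a href="https://example.com/">good link</a>
<img src="x" onerror="alert(1)">
HTML;

$clean = buildPurifier()->purify($thirdPartyHtml);

// The purified string is HTML by design, so it is written into the body as-is.
// Do not pass it through htmlspecialchars(), and do not place it inside an
// attribute value or a <script> block, where different escaping rules apply.
echo '<!doctype html><html><head><meta charset="utf-8"><title>Preview</title></head><body>';
echo $clean;
echo '</body></html>';
```

Purify on output (or re-purify stored content after upgrading the library), so that fixes in newer HTML Purifier releases also apply to content saved earlier.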