HTML Purifier is a standards-compliant HTML filter written in PHP. Because it uses whitelists and a comprehensive knowledge of the HTML specification, it is bullet-proof against XSS, fixes malformed input rather than rejecting it, and is open and extensible.
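
The whitelist approach described above, as an added example that is not the project's own code: it configures an explicit allowlist and runs constructed inputs through the filter so the input and output can be compared. It assumes the library is installed via Composer (package `ezyang/htmlpurifier`) and that `vendor/autoload.php` sits next to the script; `build_purifier` and the sample strings are hypothetical.

```php
<?php
// Added example, not HTML Purifier's own code. Assumes the library was
// installed with Composer (package ezyang/htmlpurifier), so the autoloader
// path below is an assumption about your project layout.
require_once __DIR__ . '/vendor/autoload.php';

/** Build a purifier with an explicit allowlist of elements and attributes. */
function build_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Only these elements and attributes are allowed through the filter.
    $config->set('HTML.Allowed', 'p,b,i,a[href]');
    // Restrict link targets to web schemes, so javascript: URIs are rejected.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // Skip the on-disk definition cache so the demo needs no writable directory.
    $config->set('Cache.DefinitionImpl', null);
    return new HTMLPurifier($config);
}

// Constructed sample inputs (not from the page).
$samples = [
    'script element'     => '<p>Hello<script>alert(1)</script></p>',
    'event handler attr' => '<a href="https://example.com/" onclick="x()">link</a>',
    'javascript: URI'    => '<a href="javascript:alert(1)">link</a>',
    'malformed nesting'  => '<p><b>bold <i>both</b> italic',
];

$purifier = build_purifier();
foreach ($samples as $label => $dirty) {
    // purify() returns filtered, well-formed markup for the given fragment.
    $clean = $purifier->purify($dirty);
    printf("%s\n  in : %s\n  out: %s\n\n", $label, $dirty, $clean);
}
```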