Question

How to set value of HTML.ForbiddenElements so that it would not allow any HTML tags to be entered.

Solution

If you want to disallow everything with HTML Purifier, the easiest way ought to be to set an empty whitelist with HTML.Allowed rather than an attempt at a thorough blacklist. (Generally speaking, I'd recommend staying away from blacklist approaches unless you really have no other option - with blacklists, there's always a chance to miss something.)

But:

HTML Purifier is a tool designed to help you specifically if you allow HTML. If you don't, chances are it is simply computational overhead and doesn't net you a benefit.

To contrast:

Perhaps try htmlspecialchars(strip_tags(...), ENT_QUOTES, 'your-encoding-goes-here') instead? That should be faster and just as secure for what you're trying to achieve.
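
The two approaches from the answer side by side, as an added example that is not part of the original answer. The function names and sample inputs are constructed for illustration, and the HTML Purifier branch only runs if the library is already loaded (assumed here to be via an autoloader).

```php
<?php
// Added example: plain-text-only handling as suggested in the answer.
// Function names and sample inputs are constructed for illustration.

function to_plain_text(string $input, string $encoding = 'UTF-8'): string
{
    // strip_tags() removes markup; htmlspecialchars() then encodes whatever
    // is left (&, <, > and, with ENT_QUOTES, both quote styles) for HTML output.
    return htmlspecialchars(strip_tags($input), ENT_QUOTES, $encoding);
}

function purifier_plain_text(string $input): ?string
{
    // Assumption: HTML Purifier is installed and autoloadable. If it is not,
    // return null so the script still runs with the built-in functions only.
    if (!class_exists('HTMLPurifier_Config')) {
        return null;
    }
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', ''); // empty whitelist: no elements allowed
    return (new HTMLPurifier($config))->purify($input);
}

// Constructed sample inputs covering markup, entities, quotes and an unclosed tag.
$samples = [
    'Hello <b>world</b>',
    '<script>alert(1)</script>after',
    'Tom & "Jerry" said \'hi\'',
    '" onmouseover="x',
    '<img src=x onerror=alert(1)',
];

foreach ($samples as $raw) {
    printf("input:      %s\n", $raw);
    printf("plain text: %s\n", to_plain_text($raw));
    $purified = purifier_plain_text($raw);
    if ($purified !== null) {
        printf("purifier:   %s\n", $purified);
    }
    echo "\n";
}
```

Pass the same encoding to htmlspecialchars() that the page is served with, and apply the encoding at output time for the HTML context the value lands in.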

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow