Most WYSIWYG editors require either the "full HTML" input format or a format with a large set of allowed tags, including some dangerous ones. Because the default HTML filter has only limited knowledge of HTML, this may allow XSS attacks.
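The gap described above, as an added example (not code from this module, Drupal or HTML Purifier): a simplified filter that checks tag names only, next to one that also allowlists attributes and URL schemes. The policy, the names `Filter` and `sanitize`, and the sample input are constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed policy: the wide tag set a WYSIWYG editor needs (assumption).
ALLOWED_TAGS = {"p", "b", "i", "a", "img", "ul", "li"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}  # "" means a relative URL
SCHEME_RE = re.compile(r"([a-z][a-z0-9+.-]*):", re.I)

class Filter(HTMLParser):
    def __init__(self, check_attrs):
        super().__init__(convert_charrefs=True)
        self.check_attrs, self.out = check_attrs, []

    def keep(self, tag, name, value):
        if not self.check_attrs:
            return True  # tag-name-only filter: every attribute survives
        if name not in ALLOWED_ATTRS.get(tag, ()):
            return False  # drops on* handlers, style, and anything unlisted
        if name in URL_ATTRS:
            # Browsers strip tabs/newlines from URLs before reading the
            # scheme, so drop spaces and control characters before checking.
            url = "".join(c for c in (value or "") if c > " ")
            m = SCHEME_RE.match(url)
            return (m.group(1).lower() if m else "") in SAFE_SCHEMES
        return True

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            # Attribute values arrive entity-decoded and are re-escaped here.
            kept = "".join(f' {n}="{escape(v or "")}"'
                           for n, v in attrs if self.keep(tag, n, v))
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "img":  # img is a void element
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(html, check_attrs):
    f = Filter(check_attrs)
    f.feed(html)
    f.close()
    return "".join(f.out)

# Constructed sample input, not taken from the page.
SAMPLE = ('<p onmouseover="alert(1)">Hi <b>there</b></p>'
          '<a href="java&#115;cript:alert(1)">link</a>'
          '<img src="/logo.png" onerror="alert(1)">')
```

Every tag in `SAMPLE` is on the allowlist, so `sanitize(SAMPLE, False)` returns the event handlers and the entity-encoded `javascript:` link intact, while `sanitize(SAMPLE, True)` keeps only the markup and the relative image URL.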
HTML Purifier has two main advantages:
This module has been tested with the following other modules:
More modules need to be tested, especially WYSIWYG editors (HTMLArea, FCKeditor, TinyMCE). If you have done so, please tell me about your experiences.
You can download the current development version from the SVN repository. This code does not include the HTML Purifier code; you will need to download that separately. See the included INSTALL.txt for details.
The latest version of this module can be downloaded from the HTMLPurifier project page.