PHP Markdown
Parser for Markdown and Markdown Extra derived from the original Markdown.pl by John Gruber.
Use http://htmlpurifier.org/; it's pretty battle-tested and highly configurable.
All joking aside, please sanitize on input, not output. As far as the second part of your question goes, there is no built-in partial strip_tags function. The safest thing to do would be to continue using strip_tags on insert in conjunction with something like markdown to convert to the allowed HTML entities.