HTML Purifier - what to purify?

Question

I am using HTML Purifier to protect my application from XSS attacks. Currently I am purifying content from WYSIWYG editors because that is the only place where users are all

Answer 1

You should Purify anything that will ever possibly be displayed on a page. Because with XSS attacks, hackers put in