HTMLPurifier, check entire HTML document
问题 I'm using HTMLPurifier to check for XSS in an entire HTML document. The problem is that it appears to strip out anyything that isn’t inside <body> tags. But, I want to keep everything, just look out for serious XSS attacks. Any ideas how to allow <HTML> , <HEAD> , <META> etc.? 回答1: David, I just searched on the HTMLPurifier support forum and saw that you've been busy. But perhaps you missed the posting from a few months ago that addresses your exact issue, specifically the reply: Full