Validate HTML embed code using PHP or javascript or PHP framework (Zend)
If you want to allow the user to enter HTML and then display it on your website, HTMLPurifier is a really great solution .
It requires some "kind" of HTML code as input and returns valid-HTML, allowing you to specify which tags and attributes should be allowed — all others will be removed.
This way, if your users enter invalid HTML, you'll still end up with valid HTML (less risk of destroying your layout when rendered), and if you only provide a couple of harmless tags and attributes, a great plus for security.
If you want to give it a try without integrating it into your application, a demo page is available there by the way.
For example, if I enter something like this:
<p>
this <b>is a<i>test</b></i>
with a not <em>closed tag
and a <a href="http://google.com" onclick="alert('bouh');">link</a>
and some <script type="text/javascript>alert('script');</script>
</p>
The HTML I receive as output will be :
<p>
this <b>is a<i>test</i></b>
with a not <em>closed tag
and a <a href="http://google.com">link</a>
and some </em></p>
those. the tags are in order (closed, in the correct order), the script tag has been removed, and therefore has the onclick attribute of the link.
source to share