sanitize html field

Posted 2 weeks ago by soulglow

There are a couple of posts about this but I don't see any that answer this simple question. If I have a user-inputted field (CKEditor) that has HTML, I would like to sanitize this field before it is displayed on the frontend so that only certain tags are supported. Example: strong, b

The native PHP function strip_tags fails to do this securely, as you can find strings that prove it fails to do this correctly.

I see there is an HTML Purifier package, but is this secure? Has this ever been defeated before? According to their docs they don't even support HTML5 doctypes, so that doesn't give me confidence.
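Added example (editor's note, not part of the original post or any reply, and not HTML Purifier's code): it puts the two behaviours the question is about side by side in PHP. `strip_tags()` with its allowed-tags argument keeps any allowed element exactly as written, attributes included, which is the documented limitation behind "you can find strings that prove it fails". The second function is a small allowlist sanitizer built on the standard `DOMDocument` extension: it parses the input, then re-serializes the tree emitting only allowlisted tag names with no attributes and HTML-escaped text. It assumes PHP 7.4 or later with ext/dom loaded; the sample input is constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post: compares strip_tags() with its
// allowed-tags argument against a small allowlist sanitizer built on DOMDocument
// (ext/dom). Only <strong> and <b> survive, and every attribute is dropped.
// Assumption: PHP 7.4+ with ext/dom available.

const ALLOWED_TAGS = ['strong', 'b'];

// Elements whose contents are not user-visible text; they are removed
// together with their children instead of being unwrapped.
const DROP_WITH_CONTENT = ['script', 'style'];

/**
 * Re-serialize a DOM subtree, emitting only allowlisted tag names (no attributes)
 * and HTML-escaped text. Comments and processing instructions are discarded.
 */
function serialize_allowlisted(DOMNode $node, array $allowed): string
{
    $out = '';
    foreach ($node->childNodes as $child) {
        if ($child instanceof DOMText) {
            // Text is always escaped, so a stray '<' or '"' in content cannot form markup.
            $out .= htmlspecialchars($child->data, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        } elseif ($child instanceof DOMElement) {
            $name = strtolower($child->tagName);
            if (in_array($name, DROP_WITH_CONTENT, true)) {
                continue;
            }
            $inner = serialize_allowlisted($child, $allowed);
            // Allowed tag: rebuild it from its name only. Anything else: keep the
            // children, drop the wrapper (and with it every attribute).
            $out .= in_array($name, $allowed, true) ? "<{$name}>{$inner}</{$name}>" : $inner;
        }
    }
    return $out;
}

function sanitize_html(string $input, array $allowed = ALLOWED_TAGS): string
{
    if (trim($input) === '') {
        return '';
    }
    $dom = new DOMDocument();
    // libxml warns about tags it does not know (e.g. HTML5 elements); we only
    // need a parse tree, so collect and discard those warnings.
    $previous = libxml_use_internal_errors(true);
    // Wrapping the fragment in a document with a UTF-8 meta tag makes parsing
    // predictable; the <body> element is then the root of the user content.
    $dom->loadHTML(
        '<!DOCTYPE html><html><head><meta charset="utf-8"></head><body>' . $input . '</body></html>'
    );
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $body = $dom->getElementsByTagName('body')->item(0);
    return $body === null ? '' : serialize_allowlisted($body, $allowed);
}

// Constructed sample input: an allowed tag carrying an event-handler attribute,
// a disallowed inline tag, an entity, and a disallowed element with an attribute.
$sample = '<b onclick="doSomething()">bold</b> <em>kept text</em> 1 &lt; 2 <img src="x">';

// strip_tags() keeps the allowed <b> element verbatim, including its onclick
// attribute: its allowlist covers tag names only, never attributes.
echo strip_tags($sample, '<b>'), PHP_EOL;

// The DOM-based sanitizer keeps <b> but rebuilds it without attributes, unwraps
// <em> to its text, drops <img> entirely, and re-escapes the text node.
echo sanitize_html($sample), PHP_EOL;
```

The design point is that the output is rebuilt from a parse tree rather than filtered out of the raw string, so nothing that is not explicitly emitted (attributes, comments, unknown elements) can reach the page. That is the same general approach HTML Purifier takes with a far more complete allowlist and attribute handling; this snippet is only meant to make the difference from `strip_tags()` visible, not to replace a maintained library.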

