An HTML filter (protection against XSS, scripts and the like). Use it when saving user-submitted HTML.
Background

There are a number of open-source HTML filtering solutions out there on the web already. What sets HTML Purifier apart from them? Aren't all of these choices “secure”? When it comes to HTML, attention to detail is key. Does it perform its filtering off a whitelist rather than an out-of-date blacklist? Does it filter every attribute in the document? Does it actually understand HTML?

Know thy enemy. Hackers have a huge arsenal of XSS vectors hidden within the depths of the HTML specification. HTML Purifier is effective because it decomposes the whole document into tokens, removes non-whitelisted elements, checks the well-formedness and nesting of tags, and validates all attributes according to their RFCs. HTML Purifier's comprehensive algorithms are complemented by a breadth of knowledge, ensuring that richly formatted documents pass through unstripped. To my knowledge, there is nothing else in the wild that offers protection from XSS, standards-compliance, and corrective processing of poorly formed HTML. But don't take my word for it: do your research and try out the demo. To find out more, you can read the Comparison for an analysis of HTML Purifier and the other major filters.

“[Y]ou save my day by allowing me not to write another damned HTML parser.”
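As an added example (not code from the HTML Purifier site or project), this is the sanitise-on-save pattern the note above recommends: a whitelist of elements and attributes plus a restriction on URI schemes, applied before user HTML is stored. It assumes the library is installed via Composer (so vendor/autoload.php exists) and that ./purifier-cache is a writable directory; the sample input is constructed.

```php
<?php
// Added example, not part of HTML Purifier itself. Assumes a Composer install
// (vendor/autoload.php) and a writable ./purifier-cache directory.
require_once __DIR__ . '/vendor/autoload.php';

function makePurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Whitelist: only these elements, and only the listed attributes on them.
    // Anything else (script, style, event-handler attributes, unknown tags)
    // is not on the list and therefore does not survive purification.
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,a[href|title],img[src|alt]');
    // Only these URI schemes are accepted in href/src; javascript: and data:
    // are not on the list, so such attributes are dropped during validation.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);
    $config->set('Core.Encoding', 'UTF-8');
    $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
    // Cache the compiled definition so it is not rebuilt on every request.
    $config->set('Cache.SerializerPath', __DIR__ . '/purifier-cache');
    return new HTMLPurifier($config);
}

// Constructed sample of what a user might submit: an event-handler attribute,
// a script element, a javascript: link, an unknown element and unclosed tags.
$dirty = '<p onmouseover="alert(1)">Hi <b>there<script>alert(1)</script>'
       . '<a href="javascript:alert(1)">x</a> <a href="https://example.com">ok</a>'
       . '<custom>z</custom><img src="https://example.com/a.png" alt="a">';

// Purify once, at save time, and persist $clean rather than $dirty.
$clean = makePurifier()->purify($dirty);
echo $clean;
```

The purifier also closes the unterminated `<p>` and fixes nesting, which is the "corrective processing of poorly formed HTML" the text refers to.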