I have been using PDO for my database stuff recently, and know that it does help in preventing SQL injections. However, I also want to prevent the possibility of data containing XSS code.
Using strip_tags() or htmlentities() (or any other function like those) is not a possibility. The content is coming from TinyMCE, and thusly needs to have HTML in place.
Is there anything anyone can recommend? This should be able to stand alone (i.e. not part of some framework). Just a simple class that I can drop into my project would be nice.
