Html purifier YII 1

CHtmlPurifier is wrapper of HTML Purifier.

 

CHtmlPurifier removes all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist. It will also make sure the resulting code is standard-compliant.

In your model

public function rules() {
 return array(array('name, text','check_html'));

}

public function check_html($obj, $param) {
        $value = strip_tags($this->$obj);
        $p = new CHtmlPurifier();
        $output = $p->purify($value);
        $htmlentity = htmlspecialchars($output, ENT_QUOTES);
        $htmlentity_new = str_replace("amp;amp;", "amp;", $htmlentity);
        $this->$obj = $htmlentity_new;
    }

for more details : CHtmlPurifier


Pankaj Singh Sugara