Comparison of PHP HTML Filter Tools

Posted on Saturday, October 15, 2005 @ 02:10:47 CDT in General
by kguske

Several tools (mostly PHP classes) let a PHP application strip unwanted HTML from user input, enforce XHTML compliance, and more. The tools compared here are Cyberai InputFilter, Deric Rethans filter, HTML Filter for PHP, HTML_Safe, kses, and Safe HTML checker. The table below shows some of the important differences; the column headings are explained after it.

HTML Filters

Configuration and form fields

Class / Tool          | License | Tags  | Attributes | Whitelist | Blacklist | Dynamic | All fields | Single field
----------------------+---------+-------+------------+-----------+-----------+---------+------------+-------------
Cyberai InputFilter   | GPL     | Yes   | Yes        | Yes       | Yes       | Yes     | Yes        | Yes
Deric Rethans filter  | PHP     | (Yes) | (Yes)      | (Yes)     |           | Yes     | No         | Yes
HTML Filter for PHP   | LGPL    | Yes   | Yes        | Yes       | No        | No      | No         | Yes
HTML_Safe             | BSD     | Yes   | Yes        | Yes       | Yes       | No      | No         | Yes
kses                  | GPL     | Yes   | Yes        | Yes       | No        | Yes     | No         | Yes
Safe HTML checker     | ?       | Yes   | Yes        | Yes       | No        | No      | No         | Yes

Additional features

Class / Tool          | XSS | SQL Injection | Logic | Max Len / Value | Compliance
----------------------+-----+---------------+-------+-----------------+------------------
Cyberai InputFilter   | Yes | Yes           | No    | No              | Tags, Attributes
Deric Rethans filter  | No  | No            | Yes   | No              | No
HTML Filter for PHP   | No  | No            | No    | No              | Validation?
HTML_Safe             | No  | No            | No    | No              | Tags
kses                  | No  | No            | No    | Yes             | Attributes
Safe HTML checker     | No  | No            | No    | No              | Tags


Configuration
Tags and Attributes – the tool lets you specify which tags and which attributes are allowed (whitelist) or disallowed (blacklist). A whitelist is the safer of the two: a tag or attribute the author never thought of is dropped by a whitelist but passed through by a blacklist.
Dynamic – the set of allowed tags / attributes can be changed at run time (per call or per site) rather than being fixed in the class.

Form fields – whether the tool can process all form fields at once (All) and / or one named field (Single). Processing every field is convenient, but some fields must be left untouched, e.g. a field that is meant to contain literal HTML special characters, which the filter would otherwise alter.

Additional
XSS – includes features aimed at blocking cross-site scripting, beyond plain tag removal (e.g. rejecting javascript: URLs in href / src attributes).
SQL Injection – includes features aimed at blocking SQL injection. Note that an HTML input filter is not a substitute for parameterised queries; it can only reduce the risk.
Logic – includes features for validating field contents (e.g. email address, URL, number).
Max Len / Value – checks attribute values against minimum / maximum length and minimum / maximum numeric value, to protect against buffer overflows and denial of service attacks against web clients and various servers (an absurdly large image width, for example).
Compliance – enforces W3C / XHTML compliance: every opened tag must be closed, and attribute values must be double-quoted.
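The columns above map onto a handful of mechanisms. The following is an added example, not code from any of the tools compared on this page: a small whitelist-only filter written against PHP's bundled DOMDocument (ext/dom, PHP 8). The class name, the rule format and the sample input are hypothetical. It shows tag and attribute whitelisting, a run-time (Dynamic) change to the whitelist, a kses-style Max Len / Value check on attribute values, a URL scheme check of the kind the XSS column refers to, and the closed tags and quoted attributes that the Compliance column describes.

```php
<?php
declare(strict_types=1);

// Hypothetical whitelist HTML filter built on PHP's bundled DOMDocument (ext/dom).
final class WhitelistHtmlFilter
{
    /** @param array<string, array<string, array>> $rules  tag => attribute => rule */
    public function __construct(private array $rules) {}

    /** "Dynamic" column: extend the whitelist at run time. */
    public function allow(string $tag, array $attrs = []): void
    {
        $this->rules[$tag] = array_merge($this->rules[$tag] ?? [], $attrs);
    }

    public function filter(string $html): string
    {
        $doc  = new DOMDocument();
        $prev = libxml_use_internal_errors(true);   // malformed input is expected
        $doc->loadHTML('<?xml encoding="UTF-8"><html><body>' . $html . '</body></html>');
        libxml_clear_errors();
        libxml_use_internal_errors($prev);

        $body = $doc->getElementsByTagName('body')->item(0);
        $this->clean($body);
        $out = '';
        foreach ($body->childNodes as $child) {
            $out .= $doc->saveHTML($child);   // "Compliance": closed tags, quoted attributes
        }
        return $out;
    }

    private function clean(DOMNode $node): void
    {
        // Copy the child list first: removing from the live DOMNodeList while
        // iterating skips the next sibling, which would let elements through.
        foreach (iterator_to_array($node->childNodes) as $child) {
            if ($child instanceof DOMComment) {
                $node->removeChild($child);
            } elseif ($child instanceof DOMElement) {
                $tag = strtolower($child->tagName);
                if (!isset($this->rules[$tag])) {
                    $node->removeChild($child);   // not whitelisted: drop with its subtree
                    continue;
                }
                $this->cleanAttributes($child, $this->rules[$tag]);
                $this->clean($child);
            }
            // Text nodes stay; saveHTML() escapes them, so they cannot open a tag.
        }
    }

    /** Whitelist attributes per tag, with kses-style maxlen / maxval rules. */
    private function cleanAttributes(DOMElement $el, array $allowed): void
    {
        foreach (iterator_to_array($el->attributes) as $attr) {
            $name  = strtolower($attr->name);
            $value = $attr->value;                 // DOM has already decoded HTML 4 entities
            $rule  = $allowed[$name] ?? null;
            $ok = $rule !== null
                && (!isset($rule['maxlen']) || strlen($value) <= $rule['maxlen'])
                && (!isset($rule['maxval']) || (preg_match('/^\d+$/', $value) && (int) $value <= $rule['maxval']))
                && (empty($rule['url']) || $this->safeUrl($value));
            if (!$ok) {
                $el->removeAttribute($attr->name);
            }
        }
    }

    /** Relative URLs and a few schemes pass; javascript:, data:, vbscript: etc. do not. */
    private function safeUrl(string $url): bool
    {
        // libxml knows only HTML 4 entities, so "javascript&colon;" survives DOM decoding;
        // decode as HTML5 and strip the control characters browsers ignore in a scheme.
        $u = html_entity_decode($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $u = preg_replace('/[\x00-\x20]+/', '', $u);
        if (!preg_match('/^([a-z][a-z0-9+.-]*):/i', $u, $m)) {
            return true;   // no scheme: relative URL
        }
        return in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true);
    }
}

// Constructed rule set and input for the demonstration (hypothetical).
$filter = new WhitelistHtmlFilter([
    'p'   => [], 'b' => [],
    'a'   => ['href' => ['maxlen' => 255, 'url' => true], 'title' => ['maxlen' => 80]],
    'img' => ['src' => ['url' => true], 'width' => ['maxval' => 1200]],
]);
$filter->allow('blockquote', ['cite' => ['url' => true]]);   // dynamic change

$input = '<p onmouseover="steal()">Hi <b>there<a href="javascript&colon;alert(1)" title=x>x</a>'
       . '<img src="/ok.png" width="99999"><!-- c --><script>alert(1)</script>';
echo $filter->filter($input), "\n";
```

Run with `php filter.php`. The event handler attribute, the javascript: link (written with `&colon;` so that it gets past the parser's HTML 4 entity table), the oversized `width`, the comment and the `script` element are all removed, while the unclosed `<b>` is closed and the unquoted `title` value is quoted on output. A blacklist of tag or attribute names would have had to anticipate each of these variants; the whitelist only has to say what is allowed.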