Hi, I’ve noticed that if I want to sanitize TinyMCE HTML text using HTML Purifier, I need to decode the HTML entities first, setting the string in the following way:
$inbox_message_body = html_entity_decode($_POST['messagebody']);
And then I can purify it with HTML Purifier in this way:
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);
$clean_inbox_message_body = $purifier->purify($inbox_message_body);
$clean_inbox_message_subject = $purifier->purify($inbox_message_subject);
Is this the right approach? I believe HTML Purifier is better than TinyMCE because, for example, it does strip the tag and all its content.