PHP XSS Prevention WhiteListing

My site utilizes a WYSIWYG editor for users to update their accounts,enter comments, and send private messages.

The editor (CKEditor) is great for only allowing users to enter valid input, but I worry about injection through TamperData or other means.

How can I control this on the server side?

I need to whitelist specific tags: <b><ul><ol><a><img><br>, will this be a SAFE approach to preventing XSS?

Solution

Use HTML Purifier:

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist.

Laravel retrieving data from REST API
PHP round to integer
Is there something like for i in range(length) in PHP?
Redirecting mobile users according to their OS
Show only featured products in Woocommerce shop page
create regex to match format of 00:00:00 for duration (not time)
How can I figure out why cURL is hanging and unresponsive?
Composer Curl error 60: SSL certificate problem: unable to get local issuer certificate
PHP encrypt and decrypt in node JS
Expand PHP Stack Trace Arguments
Internal server error when trying to send an email using Microsoft Graph API
How to identify if an option was supplied without a value with Symfony Console?
case-insensitive array_unique
Get environment value in controller
What are my options to check for viruses on a PHP upload?
Increasing the chance on a daily basis
Different results for function() and fn(). PHP
Sorting an array of directory filenames in descending natural order
How to modify the php source code and recompile it?
How can i automatically insert the current user_id after submitting a form in Filament v3.0
Magento 2 URL rewrite Issue : URL key already exists for specified store
Is there an easy way of seeing PHP info?
Group 2d array of dates and values by contiguous dates with the same value
Laravel Socialite dynamic server url for provider?
Fatal error: Using $this when not in object context but everything looks fine
wordpress plugin : Call to undefined function add_menu_page()
Populate a 2d array with qualifying data from a multi-line txt file containing comma-separated values
How to parse an ini-formatted string into an associative array?
Split string by new line characters
Extending singletons in PHP