htmlentities displaying html safely
I have data that is coming in from an RSS feed. I want to be safe and use htmlentities but then again if I use it if there is html code in there the page is full of code and content. I don't mind the formatting the rss offers and would be glad to use it as long as I can display it safely. I'm after the content of the feed but also want it to format decently too (if there is a break tag or paragraph or div). Anyone know a way?
Do you want to protect from XSS in the feed? If so, you'll need an HTML sanitizer to run on the HTML prior to displaying it:
- HTMLSanitizer
- HTMLPurifier
If you just want to escape whatever is there, just call htmlspecialchars() on it. But any HTML will appear as escaped text...
You can use the strip_tags function and specify the allowed tags in there:
echo strip_tags($content, '<p><a>');
This way any tag not specified in allowed tags will be removed.
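An added example, not part of the answers above: strip_tags() with an allowed-tag list keeps every attribute on the tags it allows, so displaying feed HTML safely also means filtering attributes and link schemes. The code below does that with PHP's DOM extension and prints the strip_tags() result next to it; the allowlist, the function names and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Requires ext-dom.
const ALLOWED_TAGS = ['p', 'br', 'div', 'a'];   // assumed allowlist for feed markup

function clean_children(DOMNode $parent): void
{
    foreach (iterator_to_array($parent->childNodes, false) as $node) {
        if ($node->nodeType === XML_TEXT_NODE) continue;   // text is escaped on output
        $isElement = $node instanceof DOMElement;
        if (!$isElement || in_array($node->nodeName, ['script', 'style'], true)) {
            $parent->removeChild($node);        // comments, PIs, script/style with content
            continue;
        }
        clean_children($node);                  // clean descendants first
        if (!in_array($node->nodeName, ALLOWED_TAGS, true)) {
            while ($node->firstChild) {         // unwrap: keep the content, drop the tag
                $parent->insertBefore($node->firstChild, $node);
            }
            $parent->removeChild($node);
            continue;
        }
        $href = $node->nodeName === 'a' ? trim($node->getAttribute('href')) : '';
        foreach (iterator_to_array($node->attributes, false) as $attr) {
            $node->removeAttributeNode($attr);  // drops onclick, style, id, ...
        }
        if (preg_match('#^https?://#i', $href)) {
            $node->setAttribute('href', $href); // only http(s) links are restored
        }
    }
}

function sanitize_feed_html(string $html): string
{
    libxml_use_internal_errors(true);           // feed HTML is rarely well-formed
    $doc = new DOMDocument();
    // The XML declaration makes libxml read the fragment as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>', LIBXML_NONET);
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) return '';
    clean_children($body);
    $nodes = iterator_to_array($body->childNodes, false);
    return implode('', array_map(fn($n) => $doc->saveHTML($n), $nodes));
}

// Constructed sample input, not taken from a real feed.
$content = '<p onclick="alert(1)">Hi <a href="javascript:alert(1)">x</a></p>'
         . '<script>alert(1)</script><b>bold</b> <a href="https://example.com/">more</a>';
echo strip_tags($content, '<p><a>'), "\n";     // attributes on allowed tags survive
echo sanitize_feed_html($content), "\n";       // attributes and non-http(s) links removed
```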
You can transform the HTML into mark down and then back up again using various libraries.