20 Nov 2009 1:42 AM #23
Cleaning up HTML on entry from the client side is not the right way to go, I think. The big point of cleaning it up is to avoid security issues, and nothing you do client-side on input actually matters security-wise. We use htmlpurifier on the server to clean up HTML code. We also don't trust anything in the database and always HTML-encode all output, but we have to HTML-encode on the client because our server has to be platform-agnostic.
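
The output-encoding half of the approach described in the post above, as an added example that is not part of the original post or the poster's code: a client-side tagged template that HTML-encodes every interpolated value before it is placed in markup. The names `escapeHtml`, `html`, `renderComment` and the sample record are assumptions made for illustration.

```javascript
// Added example: encode untrusted values on output, on the client.
// All names and the sample record below are hypothetical / constructed.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value for use in HTML text or inside a quoted attribute value.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts are markup written by the developer,
// every interpolated value is treated as untrusted and encoded.
function html(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

// Render a record as it came back from the server. The record is not
// trusted even though it was sanitized on the server before storage.
function renderComment(record) {
  return html`<div class="comment" title="${record.author}">${record.body}</div>`;
}

// Constructed sample record, as if returned by the server as JSON.
const sample = {
  author: 'x" onmouseover="alert(1)',
  body: '<img src=x onerror=alert(1)> & more',
};

console.log(renderComment(sample));
```

This encoding covers HTML text and quoted attribute values only; values placed in URLs, script or style contexts need encoding specific to that context.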