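// Purify one piece of untrusted HTML with HTML Purifier and print the result.
//
// NOTE(review): this listing starts mid-statement. The receiver of the first
// call (presumably `$config->`, as in the call after it) and the code that
// loads the library and creates $config are outside this excerpt.

// Core.Encoding must name the encoding the page is really served in: the
// filter and the browser have to interpret the same bytes the same way.
set('Core', 'Encoding', 'ISO-8859-1'); // replace with your encoding
$config->set('Core', 'XHTML', true); // set to false if HTML 4.01

$purifier = new HTMLPurifier($config);

// untrusted input HTML
$html = 'Simple and short';

// Only the return value of purify() has been filtered; $html itself is still
// untrusted and must not be written to the page.
$pure_html = $purifier->purify($html);

// htmlspecialchars() makes the browser show the purified markup as text
// instead of rendering it. The charset is passed explicitly so that escaping
// agrees with the Core.Encoding value set above; relying on the PHP default
// (UTF-8 since PHP 5.4) can turn ISO-8859-1 input into an empty string.
// Keep this argument in sync with Core.Encoding if that value changes.
echo '
' . htmlspecialchars($pure_html, ENT_QUOTES, 'ISO-8859-1') . '
'; ?>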