Evan Winslow's plugins:
This plugin provides an alternative to HTMLawed for filtering user input. It is supposedly more secure, but also probably slower. That means you should be able to safely disable the HTMLawed plugin as long as you enable this one. Of course, it would be wise to TEST THIS PLUGIN BEFORE RELYING ON IT to make sure I didn't make a mistake that leaves your site vulnerable.
This plugin ships with the default configuration of HTMLPurifier. If you'd like to customize this configuration in an upgrade-safe way, you can use the provided plugin hook like so:
elgg_register_plugin_hook_handler('config', 'htmlpurifier', 'foo');
// $config is the HTMLPurifier_Config object the plugin will use; set directives on it and return it.
function foo($hook, $type, $config) { $config->set(...); return $config; }
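As an added example (not the plugin's own code), here is a hook handler that tightens the default configuration to a tag whitelist, safe URI schemes and the nofollow behaviour, plus a stand-alone check that runs the same handler against a constructed sample when Elgg is not loaded. It assumes the HTML Purifier library is autoloaded (e.g. via Composer); the handler name `my_htmlpurifier_config` is made up, the directive names are HTML Purifier's own.

```php
<?php
// Added example, not part of the plugin. Assumes HTML Purifier is autoloaded.

// Elgg passes the HTMLPurifier_Config object as the hook's return value ($config).
function my_htmlpurifier_config($hook, $type, $config, $params = []) {
    // Allow only a small set of formatting tags and attributes.
    $config->set('HTML.Allowed',
        'p,br,b,strong,i,em,a[href|title],ul,ol,li,blockquote,code,pre');
    // Keep the plugin's rel=nofollow behaviour on every link.
    $config->set('HTML.Nofollow', true);
    // Restrict link schemes so javascript:/data: URIs are never emitted.
    $config->set('URI.AllowedSchemes',
        ['http' => true, 'https' => true, 'mailto' => true]);
    // Do not let user content pull in remote resources (images, embeds).
    $config->set('URI.DisableExternalResources', true);
    return $config;
}

if (function_exists('elgg_register_plugin_hook_handler')) {
    // Inside Elgg: register the handler so the plugin picks up the overrides.
    elgg_register_plugin_hook_handler('config', 'htmlpurifier', 'my_htmlpurifier_config');
} else {
    // Outside Elgg: apply the handler to a fresh default config and purify a
    // constructed sample to confirm the script tag, event handler attribute
    // and javascript: link are all stripped while the https link survives.
    $config = my_htmlpurifier_config('config', 'htmlpurifier',
        HTMLPurifier_Config::createDefault());
    $purifier = new HTMLPurifier($config);
    $sample = '<p onclick="alert(1)">hi <a href="javascript:alert(1)">x</a> '
            . '<a href="https://example.com">ok</a><script>alert(1)</script></p>';
    echo $purifier->purify($sample), "\n";
}
```

Run the file directly with `php` to see the filtered output; when loaded by Elgg only the registration branch runs.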
See http://htmlpurifier.org for details about configuring HTML Purifier as well as comparisons with other filtering tools.
Features
Now configured by default to add rel=nofollow to links.
Comments
Just curious, does HTMLawed not protect against XSS attacks too?
@Stumpy Yes, Htmlawed removes XSS attacks, but is inferior in theory due to it not being a full parser. Google for more. It's fine in practice though, and Htmlawed has a significant performance advantage to consider.