It's certainly an improvement over people trying to homebrew their own sanitisers. But that distinction of being XSS-safe is a potentially subtle one, and could end up being dangerous if people don't carefully consider whether XSS-safe is good enough when they're handling arbitrary user input like that.
reply
Also has made me nervous for years that there's been no schema against which one can validate HTML. "You want to validate? Paste your URL into the online validation tool."
reply
This help? https://github.com/validator/validator

But for HTML snippets you can pretty much just check that tags follow a couple simple rules between <> and that they're closed or not closed correctly.

reply
That app does look helpful!