Security

Escaping HTML and XSS

It is the responsibility of the library client to escape HTML to avoid XSS. This library itself will not alter its input.

Disable Entity Loader

You may want to choose to disable external entities.

libxml_disable_entity_loader(true);

For more information, see PHP Security Injection Attacks