Fluid ViewHelper integrating HTMLPurifier to sanitize/tidy HTML output

composer.json

{
    "name": "your/package",
    "type": "typo3-flow-package",
    "description": "<some description>",
    "require": {
        "typo3/flow": "~2.3",
        "ezyang/htmlpurifier": "~4.6"
    },
    "autoload": {
        "psr-0": {
            "Your\\Package": "Classes"
        }
    }
}

PurifyViewHelper.php

<?php
namespace Your\Package\ViewHelpers\Format;

use TYPO3\Flow\Annotations as Flow;
use TYPO3\Fluid\Core\ViewHelper\AbstractViewHelper;

/**
 * ViewHelper rendering the given HTML string through HTMLPurifier
 */
class PurifyViewHelper extends AbstractViewHelper {

	/**
	 * @var boolean
	 */
	protected $escapeChildren = FALSE;

	/**
	 * @var boolean
	 */
	protected $escapeOutput = FALSE;

	/**
	 * @param string $value The HTML string to purify. If NULL the child nodes will be used as value
	 * @return string The purified HTML string
	 */
	public function render($value = NULL) {
		if ($value === NULL) {
			$value = $this->renderChildren();
		}

		$purifierConfiguration = \HTMLPurifier_Config::createDefault();

		// TODO adjust purifier configuration (possibly from settings, to make configurable)

		$purifier = new \HTMLPurifier($purifierConfiguration);
		return $purifier->purify($value);
	}
}

SomeTemplate.html

{someHtml -> your.package:format.purify()}

NOTE: The Flow ClassLoader seems to have issues with certain 3rd party packages. If you get an error execute composer install -o to optimize the composer autoload files

NOTE2: If you use Flow 2.x you'll have to manually exclude HTMLPurifier classes from being proxied:

TYPO3:
  Flow:
    object:
      excludeClasses:
        'ezyang.htmlpurifier' : ['.*']

With Flow 3.0+ this is the default for non-flow packages