Use with a Javascript- and cookie-enabled, relatively new version of a common browser.
You can use text from
this collection of test-cases in the input. Set the character encoding of the browser to Unicode/utf-8 before copying.
For anti-XSS tests, try the
special test-page or see
these results.
Change Encoding to reflect the character encoding of the input text. Even then, it may not work or some characters may not display properly because of variable browser support and because of the form interface. Developers can write some PHP code to capture the filtered input to a file if this is important.
Refer to the htmLawed documentation (htm/txt) for details about Settings, and htmLawed's behavior and limitations. For Settings, incorrectly-specified values like regular expressions are silently ignored. One or more settings form-fields may have been disabled. Some characters are not allowed in the Spec field.
Hovering the mouse over some of the text can provide additional information in some browsers.
Because of character-encoding issues, the W3C validator (anyway not perfect) may reject validation requests or invalidate otherwise-valid code, esp. if text was copy-pasted in the input box. Local applications like the HTML Validator Firefox browser add-on may be useful in such cases.