Topic: A response to a Bugtraq note
Re: Bugtraq: Vulnerabilities in kses-based HTML filters (http://seclists.org/bugtraq/2008/Apr/0028.html)
This is an objection to your mentioning HTML Purifier as the 'preferred solution,' even if this is inconsequential.
If CSS validation is a plus point worth mentioning, then do note HTML Purifier's negative aspects, including incomplete coverage of HTML, slow speed and high memory consumption, and incompatibility with PHP 4. (And poor documentation.)
Filters like HTML Purifier and htmLawed are not end-user tools. They are utilities that are used internally by code developers. Disallowing 'dangerous HTML' is therefore not something that a developer would miss when writing the code that would call the htmLawed library. So 'secure default settings' is really an insignificant matter.