Encoded entities can be used to bypass safety checks

Don't remove iframe when using xml_dom to balance tags