Saturday, 31 August 2013

Validating untrusted HTML input: do I have to process each input?

For cross-site scripting vulnerabilities:
1) Is it a good idea to validate and escape each and every one of the user inputs?
2) Is using strip_tags good enough, and what's the benefit of HTML Purifier over it?
