1.3.0 released. Lots of goodies:
* (X)HTML Strict now supported
* You can arbitrarily define which elements and attributes to allow by using %HTML.AllowedElements and %HTML.AllowedAttributes.
* Invalid images are now removed, rather than replaced with dud <img src="" alt="Invalid image" /> image (which still results in an extra HTTP request). Revert to previous behavior by setting %Core.RemoveInvalidImg to false.
* Rudimentary URI host blacklisting implemented with %URI.HostBlacklist.
* New directive %URI.Munge, munges URI so you can use some sort of redirector service to avoid PageRank leaks or warn users that they are exiting your site.
* <li value="4"> and <ul start="2"> now allowed in loose mode.
* These new configuration directives: %HTML.BlockWrapper, %HTML.Parent, %URI.DisableExternalResources, %URI.DisableResources and %Attr.DisableURI. Find about these options and more at the configuration documentation.
d11wtq, since you use HTML Purifier for cleaning up emails, you may be especially interested in
%URI.DisableResources, i.e. blocking external images.