Great question BTW.
I too am in a situation where I have a site with a WYSIWYG going live soon and I don't know what to do either. In fact I had decided not to use HTML purifier, but might back track on that a bit, as on rereading it is actually looking very good.
For now I scan myself for common variants of things I do not want included. But that turned out to be a hopeless task as I am nowhere near as clever as the people trying to break the site (or as stupid as some of my users).
So, following your post and subsequent 'rethink' I am going to use html purifier too, but in the meantime just wanted to share that I too have this issue and have no idea what to do about it, as in this instance I don't see how I can not use a WYSIWYG solution. I think HTML purifier is the best there is at the moment.
Best wishes,
Paul
PS Which WYSIWIG did you choose?
