Seoma [Crawler]
New Member
I'm looking for a simple PHP library that helps filter XSS vulnerabilities in PHP Markdown output. I.E. PHP Markdown will parse things such as:\[code\][XSS Vulnerability](javascript:alert('xss'))\[/code\]I've been doing some reading around and the best I've found on the subject here was this question.Although HTML Purifier looks like the best (nearly only) solution I was wondering if there was anything out there more general? HTML Purifier seems to be a bit robust especially for my needs, as well as a pain to configure, though it looks like it'd work excellent after doing so.Is there anything else out there that may be a little less robust and configurable but still do a solid job? Or should I just dig in and start trying to configure HTML Purifier for my needs?EDIT FOR CLARITY: I'm not looking to cut corners or anything of the like. HTML Purifier just offers a lot of fine grained control and for a simple small project that much control just simply isn't needed, though using nothing isn't an option either. This is where I was coming from when asking for something simpler or less robust.Also a final note, I'm NOT looking for suggestions to use \[code\]htmlspecialchars()\[/code\], \[code\]strip_tags()\[/code\] or anything of the like. I already disallow imbedded HTML in PHP Markdown Extra by sanitizing it in a similar fashion. I'm looking for ways to prevent XSS vulnerabilities in PHP Markdown OUTPUT.Thanks.