hossein_xxxx
New Member
I'm using HTML Purifier, a PHP "filter that guards against XSS and ensures standards-compliant output," to sanitize/standardize user-inputted markup. This is an example of the user-inputted markup:

[code]<font face="'Times New Roman', Times">TEST</font>[/code]

which generates:

[code]<span style="font-family:"Times New Roman", Times;">TEST</span>[/code]

I'm a bit confused, because [code]"[/code] isn't even the escape char for a single quote. What's the best practice here, since I'm going to be using this user-generated content later?
- Leave as is
- Replace all [code]"[/code] with [code]\'[/code] after purifier executes
- Configure HTML Purifier differently
- Something else?
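To see what the quotes in the purified output actually are, here is an added PHP example (not code from the post or from the HTML Purifier project) that runs the post's input through HTML Purifier and then reads the resulting style attribute back through DOMDocument; it assumes HTML Purifier is installed via Composer so that vendor/autoload.php exists.

```php
<?php
// Assumption: HTML Purifier installed with Composer (ezyang/htmlpurifier).
require __DIR__ . '/vendor/autoload.php';

// The user-supplied markup from the post (constructed input).
$dirty = '<font face="\'Times New Roman\', Times">TEST</font>';

$config   = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);

// Purified markup is HTML: the quotes inside the style attribute are
// HTML-escaped so they cannot terminate the attribute value.
$clean = $purifier->purify($dirty);
echo "Purified markup:\n", $clean, "\n\n";

// Parse the purified fragment and read the attribute back. DOMDocument
// decodes attribute entities, so this shows the CSS exactly as a browser
// sees it, with real double-quote characters around the font name.
$doc = new DOMDocument();
$doc->loadHTML('<?xml encoding="UTF-8"><body>' . $clean . '</body>', LIBXML_NOERROR);
foreach ($doc->getElementsByTagName('span') as $span) {
    echo "Decoded style attribute (what the browser's CSS parser gets):\n";
    echo $span->getAttribute('style'), "\n";
}

// When this content is later emitted inside an HTML page, echo $clean as-is:
// it is already valid, escaped HTML. Re-escaping it with htmlspecialchars()
// or replacing the escaped quotes by hand would corrupt the markup.
```

The decoded attribute value is plain CSS with double quotes, so the escaped form in the purified string is only the HTML attribute encoding of those quotes, not a substitute for the single quotes in the original input.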