PHP Markdown XSS Sanitizer

Question

I\'m looking for a simple PHP library that helps filter XSS vulnerabilities in PHP Markdown output. I.E. PHP Markdown will parse things such as:

[XSS Vulnera         


        

Answer 1

HTMLPurifier is a fine answer and perhaps the most robust solution.

It is also possible to use Markdown in a relatively safe way, but you have to use it in the right way. For details on how to use Markdown securely, look here. See the link for details about how to use it safely, but the short version is: it is important to use the latest version, to set safe_mode, and to set enable_attributes=False.