Is Markdown (with strip_tags) sufficient to stop XSS attacks?

Backend · unresolved · 7 answers · 1091 views
温柔的废话 2020-12-16 01:31

I'm working on a web application that allows users to type short descriptions of items in a catalog. I'm allowing Markdown in my textareas so users can do some HTML format

7 answers
  •  太阳男子
    2020-12-16 02:20

    I agree with Pascal MARTIN that HTML Sanitization is a better approach. If you want to do it entirely in JavaScript I suggest taking a look at google-caja's sanitization library (source code).
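An added illustration of the point made in this answer (example code written for this edit, not from the thread, not PHP's strip_tags(), and not from google-caja or any other library named here): two small Python stand-ins, one for PHP's strip_tags() and one for a Markdown renderer that only handles `[label](url)` links and passes raw HTML through the way real Markdown does, followed by an allowlist sanitizer built on the standard-library HTMLParser that runs on the rendered HTML. The function names, the tag/attribute allowlist, the safe-scheme list and the sample inputs are all assumptions made for the demonstration. It shows why stripping tags from the Markdown input is not enough: a Markdown link can carry a `javascript:` URL without a single `<` in it, so strip_tags never sees it, while sanitizing the output catches it along with entity-encoded and tab-split scheme names.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# --- Stand-ins for the two components the question combines (assumed, simplified) ---

_TAG_RE = re.compile(r"<[^>]*>")


def strip_tags(text: str) -> str:
    """Rough stand-in for PHP strip_tags(): delete anything that looks like a tag.
    It only ever looks for '<', so Markdown link syntax is invisible to it."""
    return _TAG_RE.sub("", text)


_LINK_RE = re.compile(r"\[([^\]]+)\]\(([^)\s]+)\)")


def render_markdown(text: str) -> str:
    """Minimal Markdown stand-in: only [label](url) links. Like real Markdown
    renderers it passes raw HTML in the input through untouched."""
    return _LINK_RE.sub(lambda m: f'<a href="{m.group(2)}">{m.group(1)}</a>', text)


# --- Output sanitizer: allowlist of tags, attributes and URL schemes (assumed policy) ---

ALLOWED = {  # tag -> attributes allowed to survive on it
    "a": {"href", "title"},
    "p": set(), "em": set(), "strong": set(), "b": set(), "i": set(),
    "code": set(), "pre": set(), "br": set(),
}
SAFE_SCHEMES = {"", "http", "https", "mailto"}  # "" covers relative URLs
_CTRL_WS_RE = re.compile(r"[\x00-\x20\x7f]")


def is_safe_url(url: str) -> bool:
    """Browsers ignore embedded tabs/newlines when reading the scheme, so
    'java\\tscript:' still executes; remove them before parsing the scheme."""
    cleaned = _CTRL_WS_RE.sub("", url)
    return urlparse(cleaned).scheme.lower() in SAFE_SCHEMES


class _Sanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self._skip = 0  # > 0 while inside <script>/<style>, whose text is dropped

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
            return
        if tag not in ALLOWED:
            return  # drop the tag itself; its text content is kept as text
        kept = ""
        for name, value in attrs:  # HTMLParser hands values entity-decoded
            value = value or ""
            if name not in ALLOWED[tag]:
                continue  # drops onclick=, onmouseover=, style=, etc.
            if name == "href" and not is_safe_url(value):
                continue  # drops javascript:, data:, vbscript: ... links
            kept += f' {name}="{html.escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
        elif tag in ALLOWED and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(html.escape(data, quote=False))

    # Comments, doctypes and processing instructions: default handlers drop them.


def sanitize_html(fragment: str) -> str:
    parser = _Sanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


def render_with_input_stripping(md: str) -> str:
    """The approach the question asks about: strip_tags() on the input, then render."""
    return render_markdown(strip_tags(md))


def render_with_output_sanitizing(md: str) -> str:
    """The approach this answer recommends: render, then sanitize the HTML you emit."""
    return sanitize_html(render_markdown(md))


# Constructed sample inputs (not from the thread).
SAMPLES = [
    "[docs](https://example.com/manual)",
    "[click me](javascript:alert%281%29)",  # no '<' at all: strip_tags cannot help
    "[click me](JaVaScRiPt:alert%281%29)",
    'Hi <b onmouseover="alert(1)">there</b>',
    "<script>alert(1)</script>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"input:            {sample}")
        print(f"strip + render:   {render_with_input_stripping(sample)}")
        print(f"render + sanitize: {render_with_output_sanitizing(sample)}")
        print()
```

The sanitizer does not repair unbalanced tags and drops `<script>` content entirely rather than leaving it as text, which is what strip_tags does; in a real application use a maintained sanitizer library rather than this sketch, and keep the allowlist as small as the feature actually needs.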
