Partially escape user entered text?


We allow HTML input from users that needs to be redisplayed back to
the user. I settled on using It's
the only open source 'package' that I could find. There are lots of
articles and ideas on the net on how to do it, but I wanted something
I didn't need to maintain. Just remember that XSS-style attacks are
a never ending battle. New vulnerabilities are constantly being
discovered, so don't expect this to be a drop-in-and-forget-it.

Although it's PHP-based, I ended up wrapping it behind an object that
simply shells out and runs a PHP command line script that takes the
HTML on stdin and gives back the cleaned HTML on stdout.
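A wrapper of the kind described in that post, written here as an added example rather than the poster's own code: it pipes the untrusted HTML to an external cleaner over stdin, reads the result from stdout, and fails closed (fully entity-escapes the input) whenever the cleaner cannot be run or exits abnormally. The `php sanitize.php` command line is an assumed placeholder for whatever cleaner script is used.

```python
import html
import subprocess
import sys
from typing import List, Sequence

# Assumed placeholder: a command-line script that reads raw HTML on
# stdin and writes cleaned HTML on stdout (the PHP cleaner in the post).
DEFAULT_CLEANER = ["php", "sanitize.php"]


def clean_html(raw: str, cmd: Sequence[str] = DEFAULT_CLEANER,
               timeout: float = 5.0) -> str:
    """Run untrusted HTML through an external cleaner process.

    Fails closed: if the cleaner is missing, crashes, or times out, the
    text is returned fully entity-escaped, so the browser shows it as
    literal text instead of interpreting it as markup.
    """
    try:
        proc = subprocess.run(
            list(cmd),                  # argv list: no shell involved
            input=raw.encode("utf-8"),  # HTML travels on stdin, not argv
            capture_output=True,
            timeout=timeout,
            check=False,
        )
    except (OSError, subprocess.TimeoutExpired):
        # Cleaner not installed, not executable, or hung.
        return html.escape(raw)
    if proc.returncode != 0:
        # Cleaner reported an error; never trust partial output.
        return html.escape(raw)
    return proc.stdout.decode("utf-8", errors="replace")


def stand_in_cleaner(python_code: str) -> List[str]:
    """Build a command that runs a small Python snippet as the cleaner.

    Only for exercising the wrapper offline; it is not a real sanitizer.
    """
    return [sys.executable, "-c", python_code]
```

The cleaning policy itself lives entirely in the external script; this wrapper only makes sure that a broken or absent cleaner never lets raw user markup through.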