Escaping against XSS in PHP
In content:
Escaped values:
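// Escape a UTF-8 string for output in HTML content.
function escapeMarkup($string) {
    if (function_exists('mb_encode_numericentity')) {
        // Encode every code point (U+0000..U+10FFFF) as a decimal entity.
        // The mask is ANDed with each code point, so it must cover 21 bits;
        // a 0xFFFF mask would turn code points above U+FFFF into other characters.
        $convmap = array(0x0, 0x10FFFF, 0, 0x1FFFFF);
        return mb_encode_numericentity($string, $convmap, 'UTF-8');
    } else {
        // Without mbstring: entity-encode markup characters and both quote styles.
        return htmlentities($string, ENT_QUOTES, 'UTF-8');
    }
}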
Footnote: The example string used here comes from RSnake's
XSS Cheat Sheet.
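
The following check is an added example, not code from the original page: it runs both escaping styles used by escapeMarkup() over constructed sample strings and verifies that no markup-significant character survives and that the text decodes back unchanged. It assumes PHP 7 or later with the mbstring extension loaded; the function names ending in Demo and all sample strings are made up for this illustration.

```php
<?php
// Added example: hypothetical helper names, constructed inputs.

// Numeric-entity encoding of every code point; $mask is the 4th convmap value.
function encodeNumericDemo(string $s, int $mask): string {
    return mb_encode_numericentity($s, [0x0, 0x10FFFF, 0, $mask], 'UTF-8');
}

// Fallback style: entities via htmlentities(), both quote characters escaped.
function encodeNamedDemo(string $s): string {
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

// True when no raw <, >, " or ' remains and every & starts a complete entity.
function isInertDemo(string $escaped): bool {
    return strpbrk($escaped, '<>"\'') === false
        && preg_match('/&(?!#?[A-Za-z0-9]+;)/', $escaped) === 0;
}

// What a browser would show as text after decoding the entities.
function decodeDemo(string $escaped): string {
    return html_entity_decode($escaped, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'tag'    => '<b title="x">hi</b>',
    'quotes' => "it's \"quoted\" & <ok>",
    'accent' => "caf\u{E9} & cr\u{E8}me",
    'astral' => "smile \u{1F600} <end>",
];

foreach ($samples as $name => $raw) {
    $outputs = [
        'numeric' => encodeNumericDemo($raw, 0x1FFFFF),
        'named'   => encodeNamedDemo($raw),
    ];
    foreach ($outputs as $how => $escaped) {
        if (!isInertDemo($escaped) || decodeDemo($escaped) !== $raw) {
            throw new RuntimeException("$name/$how failed: $escaped");
        }
        echo "$name/$how: $escaped\n";
    }
}

// A 16-bit mask truncates U+1F600 to U+F600, so the text no longer round-trips;
// the 21-bit mask keeps the code point intact.
echo 'mask 0xFFFF:   ', encodeNumericDemo("\u{1F600}", 0xFFFF), "\n";
echo 'mask 0x1FFFFF: ', encodeNumericDemo("\u{1F600}", 0x1FFFFF), "\n";
```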