My ubbcode engine
I have started on a UBB code engine that will be totally free from the strange parser errors that lead to cross-site scripting vulnerabilities. I aim to do it by first parsing the code and then, when everything is parsed into abstract objects, rendering it. Since it completely parses everything into objects, it cannot be tricked by abusing the normal substitution algorithm order that most other UBB code engines use. Instead, my engine properly escapes every piece of data in the objects created by the parser part. This makes sure no HTML or other dangerous data can slip through.
My engine has support for dynamic data both in attributes and as the textual content.
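The parse-then-render design described above, as an added sketch in Python; it is not the engine's own code. The tag set (`b`, `i`, `url`), the names `Node`, `parse`, `render` and `bbcode_to_html`, and the http(s)-only rule for link targets are assumptions made for this example.

```python
import html
import re

# Constructed tag set for this sketch; the page does not list the engine's tags.
SIMPLE = {"b": "strong", "i": "em"}
TOKEN = re.compile(r"\[(/?)(b|i|url)(?:=([^\]]*))?\]", re.I)

class Node:
    def __init__(self, tag=None, attr=None):
        self.tag, self.attr, self.children = tag, attr, []

def parse(source):
    """Build a tree of Node objects and str leaves; no HTML is produced here."""
    root = Node()
    stack = [root]
    pos = 0
    for m in TOKEN.finditer(source):
        if m.start() > pos:
            stack[-1].children.append(source[pos:m.start()])
        pos = m.end()
        closing, tag, attr = m.group(1), m.group(2).lower(), m.group(3)
        if not closing:
            node = Node(tag, attr)
            stack[-1].children.append(node)
            stack.append(node)
        elif len(stack) > 1 and stack[-1].tag == tag:
            stack.pop()
        else:
            stack[-1].children.append(m.group(0))  # stray close tag stays text
    if pos < len(source):
        stack[-1].children.append(source[pos:])
    return root

def render(node):
    """Escape every text leaf and attribute at the point of output."""
    if isinstance(node, str):
        return html.escape(node, quote=True)
    inner = "".join(render(c) for c in node.children)
    if node.tag in SIMPLE:
        return "<{0}>{1}</{0}>".format(SIMPLE[node.tag], inner)
    if node.tag == "url":
        href = (node.attr or "").strip()
        if not re.match(r"https?://", href, re.I):  # assumed allowlist
            return inner  # non-http(s) target: drop the link, keep the text
        return '<a href="{}">{}</a>'.format(html.escape(href, quote=True), inner)
    return inner  # root node

def bbcode_to_html(source):
    return render(parse(source))
```

Because markup is emitted only by `render`, and only from parsed objects, user text can never be re-scanned as markup by a later substitution pass.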
Take a peek
You can download and read the parts of the engine that have been finished.