How does Facebook strip HTML/apostrophes for XSS but also display it?
I’m not quite sure if this is a question for programmers.se rather than stackoverflow, but here goes. So Facebook [or any other large company], when given something like an apostrophe or HTML, can strip it of its malicious intent, but still display it properly. My current sanitizing function in PHP just strips those characters/makes them harmless via htmlentities() and such. So if I wrote an HTML tag, I would want it to be sanitized but also displayed on the website. How do I do this?
How to escape regexes and paths in double quote strings without going crazy?
It often happens that after designing my regexp (on regex101.com) I want to paste it in my program. Consider this regexp that matches numbers and strings (but keep in mind this is a general question!):