I’m using the PHP Markdown script available here: http://michelf.com/projects/php-markdown/
I noticed today that if someone posts a message containing text like:
>>>>>>>>>>>>>>>>>> Hello World <<<<<<<<<<<<<<<<<<<<
…Xdebug will produce a fatal error due to in excess of 100 nested function calls. I then realized that pretty much any markdown syntax can be abused in this way – in many cases inadvertently.
I fixed the problem by replacing instances of >>>> with >\>\>\>, but that doesn’t seem like an adequate solution at all.
Has anyone come across this? Is there a better PHP script for formatting Markdown?
With Markdown the normal route is to make sure you have good HTML sanitization applied afterward, and then add hacks as necessary. For the >>>>> a simple hack would be:

This adds a backslash to escape sequences of > that are five or more characters long.

Thankfully there are efforts to write more solid Markdown parsers. One such effort is Sundown, based on Upskirt, which is in C but has a PHP extension: https://github.com/chobie/php-sundown
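An added example of the pre-filter hack the answer describes, not code from the question, the answer or PHP Markdown; the function name escapeDeepBlockquotes and the depth limit MAX_QUOTE_DEPTH are assumptions chosen here, and the filter is written so the allowed depth is a parameter rather than a fixed "five or more":

```php
<?php
declare(strict_types=1);

// Added example, not code from the question, the answer or PHP Markdown.
// Pre-filter that caps blockquote nesting before text reaches the parser, so
// a line such as ">>>>>>>>>>>>>>>>>> Hello World" cannot drive the recursive
// blockquote handling past Xdebug's nested-call limit. The function name and
// the depth limit are assumptions chosen for this illustration.

const MAX_QUOTE_DEPTH = 4; // assumed limit; markers beyond this are escaped

function escapeDeepBlockquotes(string $text, int $maxDepth = MAX_QUOTE_DEPTH): string
{
    // A blockquote marker is '>' optionally followed by one space; Markdown
    // accepts nested markers either packed (">>>") or spaced ("> > >").
    // Match, at the start of a line, more markers than the allowed depth.
    $pattern = '/^((?:> ?){' . ($maxDepth + 1) . ',})/m';

    return preg_replace_callback($pattern, static function (array $m): string {
        // Keep the first marker so a genuine quote still renders; backslash-
        // escape every further '>' so Markdown treats it as literal text
        // instead of another nesting level.
        return '>' . str_replace('>', '\\>', substr($m[1], 1));
    }, $text);
}

// Constructed sample input mirroring the report in the question.
$sample = ">>>>>>>>>>>>>>>>>> Hello World <<<<<<<<<<<<<<<<<<<<\n"
        . "> > a normal two-level quote stays untouched\n";

$filtered = escapeDeepBlockquotes($sample);

// Sanity checks: the 18-marker run keeps one '>' and escapes the other 17;
// the shallow quote is left exactly as written.
assert(substr_count($filtered, '\\>') === 17);
assert(str_contains($filtered, "\n> > a normal two-level quote stays untouched"));

echo $filtered;
```

The filter only bounds nesting depth; HTML sanitization of the parser's output is still applied afterward, as the answer recommends.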