Validate html entities and lack of it
Validate existing html entities, e.g &
should be allowed but &foo;
should not. This helps catching missing &
, e.g. Lorem&Ipsum
is should be Lorem&Ipsum
.
Trigger errors on stray characters that should be escaped such as &
, <
and >
.
Should validate text and attributes.
Examples
Incorrect:
&foobar;
Lorem&Ipsum
<p attr="&">
Correct:
&
Lorem&Ipsum
<p attr="&">
Options
- Allow numeric? Allow named?
- Customize character list for text and attributes?