Good project!!
But I find that this rule causes false positives:
(r"<[^>]*'[^>']*%(chars)s[^>']*'[^>]*>", ('\'',), "\"<.'.xss.'.>\", inside the tag, inside single-quotes, %(filtering)s filtering", r"(?s)<script.+?</script>|<!--.*?-->")
e.g.:
demo.php:
<?php
// Entity-encode ", > and <; the single quote is left unfiltered
$input = str_replace("\"", "&quot;", $_GET['xss']);
$input = str_replace(">", "&lt;", $input);
$input = str_replace("<", "&gt;", $input);
echo '<meta name="description" content="';
print($input);
echo '#23578';
print($input);
echo '#23578';
print($input);
echo '#23578"/>';
?>

for help~
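
Why the rule fires on demo.php's output, with one way to confirm the real quoting context before reporting. This is an added example, not code from the project or from the report above. It assumes demo.php entity-encodes `"`, `<` and `>` and leaves `'` alone, and that `%(chars)s` is filled with the escaped reflected probe; the probe, the sample pages and all function names are constructed for illustration.

```python
import re

# Rule and content-removal pattern copied from the report above.
RULE = r"<[^>]*'[^>']*%(chars)s[^>']*'[^>]*>"
STRIP = r"(?s)<script.+?</script>|<!--.*?-->"

def render_demo(value):
    """Model of demo.php (assumed): ", < and > are entity-encoded, ' is left
    alone, and the value is echoed three times in one double-quoted attribute."""
    v = value.replace('"', "&quot;").replace("<", "&lt;").replace(">", "&gt;")
    return '<meta name="description" content="' + "#23578".join([v] * 3) + '#23578"/>'

def rule_matches(page, probe):
    """Apply the rule with %(chars)s filled by the escaped reflected probe (assumed)."""
    page = re.sub(STRIP, "", page)
    return re.search(RULE % {"chars": re.escape(probe)}, page, re.I) is not None

def enclosing_quote(page, probe):
    """Return the quote character that really delimits the attribute value
    holding the first reflection of probe, or None outside a quoted value."""
    end = page.find(probe)
    start = page.rfind("<", 0, end) if end >= 0 else -1
    if start < 0:
        return None
    quote = None
    for ch in page[start:end]:
        if quote is None and ch in "\"'":
            quote = ch          # a quoted attribute value opens
        elif ch == quote:
            quote = None        # the same quote character closes it
    return quote

def confirmed_single_quote_breakout(page, probe):
    """Keep the rule's finding only when the value is delimited by '."""
    return rule_matches(page, probe) and enclosing_quote(page, probe) == "'"

PROBE = "qzx'kjv"   # constructed probe: filler text around one single quote
# Three reflections: the ' of the 1st and 3rd copies bracket the 2nd copy,
# so the rule sees "inside single quotes" although the attribute uses ".
FALSE_POSITIVE = render_demo(PROBE)
# Constructed page where the value really is single-quoted.
TRUE_POSITIVE = "<input value='" + PROBE + "' name='q'>"

if __name__ == "__main__":
    for name, page in (("demo.php", FALSE_POSITIVE), ("single-quoted", TRUE_POSITIVE)):
        print(name, rule_matches(page, PROBE), enclosing_quote(page, PROBE),
              confirmed_single_quote_breakout(page, PROBE))
```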