<?php
// htmlentities() turns < and > into &lt; and &gt;, so the browser treats the
// string as text; html_entity_decode() reverses that and restores the raw tag.
$encoded = htmlentities("Hey I am a nefarious hacker! Look at my brackets! <script>HAHAHA</script>!");
$decoded = html_entity_decode($encoded);
echo "Encoded, as sent in the HTML source; the browser shows the tag as text and does not run it:\n";
echo $encoded, "\n";
echo "Decoded, back to the original; echoing this puts a real script tag in the source, and the browser runs it:\n";
echo $decoded, "\n";
?>

Raw output, as the browser receives it (view-source):
Encoded, as sent in the HTML source; the browser shows the tag as text and does not run it:
Hey I am a nefarious hacker! Look at my brackets! &lt;script&gt;HAHAHA&lt;/script&gt;!
Decoded, back to the original; echoing this puts a real script tag in the source, and the browser runs it:
Hey I am a nefarious hacker! Look at my brackets! <script>HAHAHA</script>!
On screen the first string displays with the tag visible as literal text; in the second the browser parses <script>HAHAHA</script> as a script element, so nothing of it is displayed and its contents run (here only a JavaScript syntax error, but an attacker would supply working code).
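The rule the snippet demonstrates is: encode untrusted text at the moment it is written into HTML, and never decode it back on the way to the browser. The following is an added example, not code from the original note; the input string, the helper name e() and the attribute context are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added example, not part of the original note. It spells out the rule the
// note demonstrates: encode untrusted text when it is written into HTML, and
// never run html_entity_decode() on it on the way to the browser.

// Constructed attacker-controlled input for this example. Besides the <script>
// tag from the note it carries a single quote, which matters inside a
// single-quoted attribute.
$untrusted = "Hey I am a nefarious hacker! <script>HAHAHA</script>' onmouseover='alert(1)";

// Encoder for HTML text nodes and quoted attribute values (hypothetical helper).
// The flags are given explicitly: before PHP 8.1 the default was ENT_COMPAT,
// which leaves the single quote alone; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning "" and silently blanking the output.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');
}

// 1. Safe in a text node: the browser receives &lt;script&gt; and shows the
//    tag as literal text instead of parsing it.
echo "<p>", e($untrusted), "</p>\n";

// 2. Safe in an attribute only because ENT_QUOTES also encodes the quote that
//    would otherwise close the value and let onmouseover= take effect.
echo "<input type='text' value='", e($untrusted), "'>\n";

// 3. The mistake the note's second echo makes: decoding the encoded string
//    before output puts the raw tag back into the HTML source, where the
//    browser does parse it as a script.
$stored = e($untrusted);                 // e.g. what was saved in a database
echo "<p>", html_entity_decode($stored, ENT_QUOTES | ENT_HTML401, 'UTF-8'), "</p>\n";

// 4. If the raw text is genuinely needed (plain-text email, a comparison),
//    decode for that purpose and encode again when it goes back into HTML.
$raw = html_entity_decode($stored, ENT_QUOTES | ENT_HTML401, 'UTF-8');
echo "<p>", e($raw), "</p>\n";

// Properties that hold for any input: the encoded form contains none of the
// characters that can open a tag, an attribute or a quoted value, and the
// decode/encode round trip is lossless.
assert(strpbrk(e($untrusted), "<>\"'") === false);
assert($raw === $untrusted);
```

Run it with php on the command line and pipe the output into a file to inspect it as a browser would receive it. Note that e() is only correct for HTML text and quoted attribute values; data placed inside a JavaScript block, a URL or a CSS value needs the encoder for that context, and entity encoding alone does not make it safe there.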