3v4l.org

run code in 150+ php & hhvm versions
Bugs & Features
<?php $encoded = htmlentities("Hey I am a nefarious hacker! Look at my brackets! <script>HAHAHA</script>!"); $decoded = html_entity_decode($encoded); echo "This is what's sent in the html source... so the browser doesn't actually recognize it as a script."; echo $encoded; echo "This is what it looks like on screen to the user."; echo $decoded; ?>
Output for 4.3.0 - 5.6.28, hhvm-3.10.0 - 3.12.0, 7.0.0 - 7.1.0
This is what's sent in the html source... so the browser doesn't actually recognize it as a script.Hey I am a nefarious hacker! Look at my brackets! &lt;script&gt;HAHAHA&lt;/script&gt;!This is what it looks like on screen to the user.Hey I am a nefarious hacker! Look at my brackets! <script>HAHAHA</script>!