3v4l.org

run code in 500+ PHP versions simultaneously
<?php $allowed = array("img", "p","style"); $text='<img src="image.gif" onerror="myFunction()" style="background:red" onclick="myFunction()"> <p>A function is triggered if an error occurs when loading the image. The function shows an alert box with a text. In this example we refer to an image that does not exist, therefore the onerror event occurs.</p> <div>a sample div with a <span>span in it</span></div> <p>a sample para with a <span>span in it</span></p> <script> function myFunction() { alert(\'The image could not be loaded.\'); } </script>'; $doc = new DOMDocument(); $doc->loadHTML($text); $xp = new DOMXPath($doc); $find = '//body//*[not(name() = "'.implode ('" or name() = "', $allowed ). '")]'; echo "XPath = ".$find.PHP_EOL; $toRemove = $xp->evaluate($find); print_r($toRemove); foreach ( $toRemove as $remove ) { $remove->parentNode->removeChild($remove); } // recreate HTML $outHTML = ""; foreach ( $doc->getElementsByTagName("body")[0]->childNodes as $tag ) { $outHTML.= $doc->saveHTML($tag); } echo $outHTML; 
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 77) Position 1 = 27, Position 2 = 33
Branch analysis from position: 27
2 jumps found. (Code = 78) Position 1 = 28, Position 2 = 33
Branch analysis from position: 28
1 jumps found. (Code = 42) Position 1 = 27
Branch analysis from position: 27
Branch analysis from position: 33
2 jumps found. (Code = 77) Position 1 = 41, Position 2 = 47
Branch analysis from position: 41
2 jumps found. (Code = 78) Position 1 = 42, Position 2 = 47
Branch analysis from position: 42
1 jumps found. (Code = 42) Position 1 = 41
Branch analysis from position: 41
Branch analysis from position: 47
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 47
Branch analysis from position: 33
filename:       /in/1RR3A
function name:  (null)
number of ops:  50
compiled vars:  !0 = $allowed, !1 = $text, !2 = $doc, !3 = $xp, !4 = $find, !5 = $toRemove, !6 = $remove, !7 = $outHTML, !8 = $tag
line      #* E I O op                               fetch          ext  return  operands
-----------------------------------------------------------------------------------------
    3     0  E >   ASSIGN                                                       !0, <array>
    4     1        ASSIGN                                                       !1, '%3Cimg+src%3D%22image.gif%22+onerror%3D%22myFunction%28%29%22+style%3D%22background%3Ared%22+onclick%3D%22myFunction%28%29%22%3E%0A%0A%3Cp%3EA+function+is+triggered+if+an+error+occurs+when+loading+the+image.+The+function+shows+an+alert+box+with+a+text.%0AIn+this+example+we+refer+to+an+image+that+does+not+exist%2C+therefore+the+onerror+event+occurs.%3C%2Fp%3E%0A%0A%3Cdiv%3Ea+sample+div+with+a+%3Cspan%3Espan+in+it%3C%2Fspan%3E%3C%2Fdiv%3E%0A%3Cp%3Ea+sample+para+with+a+%3Cspan%3Espan+in+it%3C%2Fspan%3E%3C%2Fp%3E%0A%3Cscript%3E%0Afunction+myFunction%28%29+%7B%0A++alert%28%27The+image+could+not+be+loaded.%27%29%3B%0A%7D%0A%3C%2Fscript%3E'
   17     2        NEW                                                  $11     'DOMDocument'
          3        DO_FCALL                                          0          
          4        ASSIGN                                                       !2, $11
   18     5        INIT_METHOD_CALL                                             !2, 'loadHTML'
          6        SEND_VAR_EX                                                  !1
          7        DO_FCALL                                          0          
   19     8        NEW                                                  $15     'DOMXPath'
          9        SEND_VAR_EX                                                  !2
         10        DO_FCALL                                          0          
         11        ASSIGN                                                       !3, $15
   20    12        FRAMELESS_ICALL_2                implode             ~18     '%22+or+name%28%29+%3D+%22', !0
         13        CONCAT                                               ~19     '%2F%2Fbody%2F%2F%2A%5Bnot%28name%28%29+%3D+%22', ~18
   21    14        CONCAT                                               ~20     ~19, '%22%29%5D'
   20    15        ASSIGN                                                       !4, ~20
   22    16        CONCAT                                               ~22     'XPath+%3D+', !4
         17        CONCAT                                               ~23     ~22, '%0A'
         18        ECHO                                                         ~23
   23    19        INIT_METHOD_CALL                                             !3, 'evaluate'
         20        SEND_VAR_EX                                                  !4
         21        DO_FCALL                                          0  $24     
         22        ASSIGN                                                       !5, $24
   24    23        INIT_FCALL                                                   'print_r'
         24        SEND_VAR                                                     !5
         25        DO_ICALL                                                     
   25    26      > FE_RESET_R                                           $27     !5, ->33
         27    > > FE_FETCH_R                                                   $27, !6, ->33
   26    28    >   FETCH_OBJ_R                                          ~28     !6, 'parentNode'
         29        INIT_METHOD_CALL                                             ~28, 'removeChild'
         30        SEND_VAR_EX                                                  !6
         31        DO_FCALL                                          0          
   25    32      > JMP                                                          ->27
         33    >   FE_FREE                                                      $27
   30    34        ASSIGN                                                       !7, ''
   31    35        INIT_METHOD_CALL                                             !2, 'getElementsByTagName'
         36        SEND_VAL_EX                                                  'body'
         37        DO_FCALL                                          0  $31     
         38        FETCH_DIM_R                                          ~32     $31, 0
         39        FETCH_OBJ_R                                          ~33     ~32, 'childNodes'
         40      > FE_RESET_R                                           $34     ~33, ->47
         41    > > FE_FETCH_R                                                   $34, !8, ->47
   32    42    >   INIT_METHOD_CALL                                             !2, 'saveHTML'
         43        SEND_VAR_EX                                                  !8
         44        DO_FCALL                                          0  $35     
         45        ASSIGN_OP                                         8          !7, $35
   31    46      > JMP                                                          ->41
         47    >   FE_FREE                                                      $34
   34    48        ECHO                                                         !7
   35    49      > RETURN                                                       1

Generated using Vulcan Logic Dumper, using php 8.5.0

preferences:
159.62 ms | 2115 KiB | 14 Q