- mb_regex_encoding: documentation ( source)
- htmlspecialchars: documentation ( source)
- mb_ereg_replace: documentation ( source)
<?php
$x = "\xC2<script+%C2>alert(1);//%C2</script+%C2>";
function mb_htmlescape($s) {
mb_regex_encoding('UTF-8');
$s = mb_ereg_replace('&', '&', $s);
$s = mb_ereg_replace('<', '<', $s);
$s = mb_ereg_replace('>', '>', $s);
$s = mb_ereg_replace('"', '"', $s);
return $s;
}
echo mb_htmlescape($x);
echo htmlspecialchars($x);