<?php
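class Renderer
{
    /**
     * Render the three template slots (foo, bar, baz) from $_data.
     *
     * Every value is HTML-escaped before it reaches the template, so the
     * template may interpolate freely. Slots that are missing from $_data
     * render as empty strings instead of raising undefined-variable notices.
     *
     * @param array $_data template variables; nested arrays are escaped recursively
     * @return string the rendered text
     */
    public function render(array $_data)
    {
        // normally you'd have some file you'd render from...
        $safe = $this->escapeData($_data);

        // Bind the slots explicitly instead of extract()-ing the whole array:
        // the variables the template reads stay visible here, and a key in the
        // caller's data can never introduce a variable the template did not ask for.
        $foo = isset($safe['foo']) ? $safe['foo'] : '';
        $bar = isset($safe['bar']) ? $safe['bar'] : '';
        $baz = isset($safe['baz']) ? $safe['baz'] : '';

        // "\n" is an escape inside a heredoc, so each slot is followed by the
        // escaped newline AND the physical line break (a blank line per slot).
        // Body and closing marker sit at column 0: before PHP 7.3 leading
        // whitespace would be emitted verbatim and an indented marker is a parse error.
        return <<<LIST
{$foo}\n
{$bar}\n
{$baz}\n
LIST;
    }

    /**
     * Recursively HTML-escape every leaf value of $data, preserving keys.
     *
     * Leaves are cast to string first so ints, floats, bools and null never
     * reach htmlspecialchars() directly (null there is deprecated since 8.1).
     * ENT_QUOTES escapes both quote styles so a value is safe inside single-
     * and double-quoted attributes, not just element text; ENT_SUBSTITUTE
     * replaces invalid UTF-8 sequences instead of returning an empty string;
     * the charset is pinned so the result does not depend on default_charset.
     *
     * @param array $data
     * @return array same shape as $data with every leaf escaped
     */
    private function escapeData(array $data)
    {
        $safe = [];
        foreach ($data as $var => $value) {
            if (is_array($value)) {
                $safe[$var] = $this->escapeData($value);
            } else {
                $safe[$var] = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            }
        }
        return $safe;
    }
}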
// Demo: every value below carries markup that must not survive escaping.
$renderer = new Renderer();
$unsafe = [
    'foo' => '<script>alert("xss");</script>',
    'bar' => '<b>something</b>',
    'baz' => '<i>foo</i>',
];
print $renderer->render($unsafe);
- Output for 5.4.0 - 5.4.45, 5.5.24 - 5.5.35, 5.6.8 - 5.6.28, 7.0.0 - 7.0.20, 7.1.0 - 7.1.20, 7.2.0 - 7.2.33, 7.3.16 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.27, 8.2.0 - 8.2.17, 8.3.0 - 8.3.4
- <script>alert("xss");</script>
<b>something</b>
<i>foo</i>
- Output for 5.1.0 - 5.1.1, 5.1.3 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.29
- Parse error: syntax error, unexpected '[' in /in/6lcUt on line 18
Process exited with code 255. - Output for 5.1.2
- Parse error: syntax error, unexpected '[' in /in/6lcUt on line 19
Process exited with code 255. - Output for 5.0.0 - 5.0.5
- Parse error: parse error, unexpected T_ARRAY, expecting '&' or T_VARIABLE in /in/6lcUt on line 5
Process exited with code 255. - Output for 4.4.2 - 4.4.9
- Parse error: syntax error, unexpected T_ARRAY, expecting ')' in /in/6lcUt on line 5
Process exited with code 255. - Output for 4.3.0 - 4.3.1, 4.3.5 - 4.3.11, 4.4.0 - 4.4.1
- Parse error: parse error, unexpected T_ARRAY, expecting ')' in /in/6lcUt on line 5
Process exited with code 255. - Output for 4.3.2 - 4.3.4
- Parse error: parse error, expecting `')'' in /in/6lcUt on line 5
Process exited with code 255.