- htmlentities: documentation ( source)
- trigger_error: documentation ( source)
<?php
function safehtml ($str) {
if (isset($GLOBALS['encoding'])) {
$encoding = $GLOBALS['encoding'];
} else {
$encoding = 'ISO-8859-1';
}
if (defined("ENT_XHTML")) {
$newstr = htmlentities($str, ENT_COMPAT | ENT_XHTML, $encoding); // FIND-PHP-IGNORE-LINE-P$
} else {
$newstr = htmlentities($str, ENT_COMPAT, $encoding); // FIND-PHP-IGNORE-LINE-PAUL
}
if (strlen($str) !== 0 && strlen($newstr) === 0) {
trigger_error('safehtml returned blank string. Input: "'.$str.'"');
}
return $newstr;
}
echo safehtml("'';!--\"<XSS>=&{()}");
?>