3v4l.org

run code in 300+ PHP versions simultaneously
<?php /** * @param string $str the string to encode and parse for URLs */ function preventXssAndParseAnchors(string $str): string { $url_regex = "/\b((https?:\/\/?|www\.)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/)))/"; // Encoding HTML special characters To prevent XSS // Before parsing the URLs to Anchors $str = htmlspecialchars($str, ENT_QUOTES, 'UTF-8'); preg_match_all($url_regex, $str, $urls); foreach ($urls[0] as $url) { $str = str_replace($url, "<a href='$url'>$url</a>", $str); } return $str; } $str = " apply here https://ph.dbsd.com/job/dfvdfg/5444 <script> console.log('this is a hacking attempt hacking'); </script> and www.google.com also http://somesite.net "; echo preventXssAndParseAnchors($str);
Output for 7.4.0 - 7.4.33, 8.0.1 - 8.0.30, 8.1.0 - 8.1.34, 8.2.0 - 8.2.30, 8.3.0 - 8.3.30, 8.4.1 - 8.4.18, 8.5.0 - 8.5.3
apply here <a href='https://ph.dbsd.com/job/dfvdfg/5444'>https://ph.dbsd.com/job/dfvdfg/5444</a> &lt;script&gt; console.log(&#039;this is a hacking attempt hacking&#039;); &lt;/script&gt; and <a href='www.google.com'>www.google.com</a> also <a href='http://somesite.net'>http://somesite.net</a>
preferences:
70.44 ms | 1308 KiB | 4 Q