@ 2014-07-13T11:47:48Z <?php
define("TYPE_HTML_TEXT",1);
define("TYPE_NUMBER", 2);
define("TYPE_BOOLEAN", 3);
define("TYPE_SCRIPT", 4);
define("TYPE_BINARY", 5);
define("TYPE_URL", 6);
define("TYPE_LIST_ITEM", 7);
define("TYPE_LIST", 8);
define("TYPE_COLOR", 9);
define("TYPE_CSS_ATTR", 10);
define("TYPE_CSS_ATTR_COLOR", 11);
define("TYPE_CSS_ATTR_SIZE", 12);
define("TYPE_CSS_CUSTOM", 13);
define("TYPE_SIZE", 14);
define("TYPE_CDATA", 15);
define("TYPE_CONFIG", 16);
define("TYPE_HTML_MARKUP", 17);
$ESCAPE_PROPERTIES = true;
/**
* ord() alternative that works with UTF8 characters
* @param string $c
*
* @return int UTF-8 character code value
*/
function getUTF8CharCode($c) {
$h = ord($c{0});
if ($h <= 0x7F) {
return $h;
} else if ($h < 0xC2) {
return false;
} else if ($h <= 0xDF) {
return ($h & 0x1F) << 6 | (ord($c{1}) & 0x3F);
} else if ($h <= 0xEF) {
return ($h & 0x0F) << 12 | (ord($c{1}) & 0x3F) << 6
| (ord($c{2}) & 0x3F);
} else if ($h <= 0xF4) {
return ($h & 0x0F) << 18 | (ord($c{1}) & 0x3F) << 12
| (ord($c{2}) & 0x3F) << 6
| (ord($c{3}) & 0x3F);
} else {
return -1;
}
}
/**
* Escape a single character for CSS context.
* @param $c
* @return string
*/
function escapeCSSCharacter($c) {
return "\\" . base_convert(getUTF8CharCode($c), 10, 16) . " ";
}
/**
* Escape CSS rule
*
* @param string $data The CSS rule
* @param array $immuneChars Array of immune character. These characters will not be escaped.
*
* @return string Escaped string
*/
function escapeCSSValue($data, array $immuneChars = array()) {
$result = "";
for ($i = 0; $i < mb_strlen($data); $i++) {
$currChar = mb_substr($data, $i, 1);
if (getUTF8CharCode($currChar) < 256 && //Character with ASCII value of 255 or less are dangerous!
!preg_match("/^\w$/", $currChar) && //Alphanumeric and underscores are safe.
!in_array($currChar, $immuneChars) //Immune characters are safe.
) {
$result .= escapeCSSCharacter($currChar);
}
else {
$result .= $currChar;
}
}
return $result;
}
function encodeJSONProperty($type, $value, $raw = false) {
global $ESCAPE_PROPERTIES;
if ($raw || !$ESCAPE_PROPERTIES) { //$raw == true means to explicitly not escape.
//$ESCAPE_PROPERTIES is the feature flag. True means we want escaping.
return $value;
}
switch ($type) {
case TYPE_HTML_TEXT:
return htmlspecialchars($value);
case TYPE_CONFIG:
case TYPE_LIST_ITEM:
case TYPE_LIST:
case TYPE_HTML_MARKUP:
return $value;
case TYPE_NUMBER:
return (int)$value;
case TYPE_BOOLEAN:
return stristr($value, "true") != false;
case TYPE_SCRIPT:
return new JSONFunction($value);
case TYPE_URL:
return urlencode($value);
case TYPE_COLOR:
case TYPE_SIZE:
return escapeCSSValue($value, array("#", ",", ".", "(", ")", "-", "%", "*", "+", "=", "/"));
}
}
echo encodeJSONProperty(TYPE_NUMBER, "<script src='evil.js'>Evil</script>");
Enable javascript to submit You have javascript disabled. You will not be able to edit any code.
Output for 8.0.0 - 8.0.30 , 8.1.0 - 8.1.28 , 8.2.0 - 8.2.18 , 8.3.0 - 8.3.6 Fatal error: Array and string offset access syntax with curly braces is no longer supported in /in/BgIa9 on line 31
Process exited with code 255 . Output for 7.4.0 - 7.4.33 Deprecated: Array and string offset access syntax with curly braces is deprecated in /in/BgIa9 on line 31
Deprecated: Array and string offset access syntax with curly braces is deprecated in /in/BgIa9 on line 37
Deprecated: Array and string offset access syntax with curly braces is deprecated in /in/BgIa9 on line 39
Deprecated: Array and string offset access syntax with curly braces is deprecated in /in/BgIa9 on line 40
Deprecated: Array and string offset access syntax with curly braces is deprecated in /in/BgIa9 on line 42
Deprecated: Array and string offset access syntax with curly braces is deprecated in /in/BgIa9 on line 43
Deprecated: Array and string offset access syntax with curly braces is deprecated in /in/BgIa9 on line 44
0 Output for 5.1.0 - 5.1.6 , 5.2.0 - 5.2.17 , 5.3.0 - 5.3.29 , 5.4.0 - 5.4.45 , 5.5.24 - 5.5.35 , 5.6.7 - 5.6.28 , 7.0.0 - 7.0.20 , 7.1.0 - 7.1.10 , 7.2.0 - 7.2.33 , 7.3.12 - 7.3.33 0 Output for 5.0.0 - 5.0.5 Parse error: parse error, unexpected T_ARRAY, expecting '&' or T_VARIABLE in /in/BgIa9 on line 67
Process exited with code 255 . Output for 4.4.2 - 4.4.9 Parse error: syntax error, unexpected T_ARRAY, expecting '&' or T_VARIABLE or T_CONST in /in/BgIa9 on line 67
Process exited with code 255 . Output for 4.3.0 - 4.3.1 , 4.3.5 - 4.3.11 , 4.4.0 - 4.4.1 Parse error: parse error, unexpected T_ARRAY, expecting '&' or T_VARIABLE or T_CONST in /in/BgIa9 on line 67
Process exited with code 255 . Output for 4.3.2 - 4.3.4 Parse error: parse error, expecting `'&'' or `T_VARIABLE' or `T_CONST' in /in/BgIa9 on line 67
Process exited with code 255 . preferences:dark mode live preview
216.93 ms | 401 KiB | 312 Q