3v4l.org

run code in 300+ PHP versions simultaneously
<?php define("TYPE_HTML_TEXT",1); define("TYPE_NUMBER", 2); define("TYPE_BOOLEAN", 3); define("TYPE_SCRIPT", 4); define("TYPE_BINARY", 5); define("TYPE_URL", 6); define("TYPE_LIST_ITEM", 7); define("TYPE_LIST", 8); define("TYPE_COLOR", 9); define("TYPE_CSS_ATTR", 10); define("TYPE_CSS_ATTR_COLOR", 11); define("TYPE_CSS_ATTR_SIZE", 12); define("TYPE_CSS_CUSTOM", 13); define("TYPE_SIZE", 14); define("TYPE_CDATA", 15); define("TYPE_CONFIG", 16); define("TYPE_HTML_MARKUP", 17); $ESCAPE_PROPERTIES = true; /** * ord() alternative that works with UTF8 characters * @param string $c * * @return int UTF-8 character code value */ function getUTF8CharCode($c) { $h = ord($c{0}); if ($h <= 0x7F) { return $h; } else if ($h < 0xC2) { return false; } else if ($h <= 0xDF) { return ($h & 0x1F) << 6 | (ord($c{1}) & 0x3F); } else if ($h <= 0xEF) { return ($h & 0x0F) << 12 | (ord($c{1}) & 0x3F) << 6 | (ord($c{2}) & 0x3F); } else if ($h <= 0xF4) { return ($h & 0x0F) << 18 | (ord($c{1}) & 0x3F) << 12 | (ord($c{2}) & 0x3F) << 6 | (ord($c{3}) & 0x3F); } else { return -1; } } /** * Escape a single character for CSS context. * @param $c * @return string */ function escapeCSSCharacter($c) { return "\\" . base_convert(getUTF8CharCode($c), 10, 16) . " "; } /** * Escape CSS rule * * @param string $data The CSS rule * @param array $immuneChars Array of immune character. These characters will not be escaped. * * @return string Escaped string */ function escapeCSSValue($data, array $immuneChars = array()) { $result = ""; for ($i = 0; $i < mb_strlen($data); $i++) { $currChar = mb_substr($data, $i, 1); if (getUTF8CharCode($currChar) < 256 && //Character with ASCII value of 255 or less are dangerous! !preg_match("/^\w$/", $currChar) && //Alphanumeric and underscores are safe. !in_array($currChar, $immuneChars) //Immune characters are safe. ) { $result .= escapeCSSCharacter($currChar); } else { $result .= $currChar; } } return $result; } function encodeJSONProperty($type, $value, $raw = false) { global $ESCAPE_PROPERTIES; if ($raw || !$ESCAPE_PROPERTIES) { //$raw == true means to explicitly not escape. //$ESCAPE_PROPERTIES is the feature flag. True means we want escaping. return $value; } switch ($type) { case TYPE_HTML_TEXT: return htmlspecialchars($value); case TYPE_CONFIG: case TYPE_LIST_ITEM: case TYPE_LIST: case TYPE_HTML_MARKUP: return $value; case TYPE_NUMBER: return (int)$value; case TYPE_BOOLEAN: return stristr($value, "true") != false; case TYPE_SCRIPT: return new JSONFunction($value); case TYPE_URL: return urlencode($value); case TYPE_COLOR: case TYPE_SIZE: return escapeCSSValue($value, array("#", ",", ".", "(", ")", "-", "%", "*", "+", "=", "/")); } } echo encodeJSONProperty(TYPE_COLOR, "<script src='evil.js'>Evil</script>");

This is an error 404

There are `0` results


preferences:
168.82 ms | 1390 KiB | 7 Q