3v4l.org

run code in 300+ PHP versions simultaneously
<?php function xssfilter($inp){ $inp = html_entity_decode(urldecode($inp)); $inp = preg_replace('/!/','',$inp); if (preg_match('/script|on|xmlns|data/iu',$inp)){ while(preg_match('/script|on|xmlns|data/iu',$inp)){ $inp = preg_replace('/(script)|(on)|(xmlns)|(data)/iu','NO!',$inp); } } return $inp; } echo xssfilter("&#x26;&#x23;&#x78;&#x36;&#x41;&#x3B;&#x26;&#x23;&#x78;&#x36;&#x31;&#x3B;&#x26;&#x23;&#x78;&#x37;&#x36;&#x3B;&#x26;&#x23;&#x78;&#x36;&#x31;&#x3B;&#x26;&#x23;&#x78;&#x37;&#x33;&#x3B;&#x26;&#x23;&#x78;&#x36;&#x33;&#x3B;&#x26;&#x23;&#x78;&#x37;&#x32;&#x3B;&#x26;&#x23;&#x78;&#x36;&#x39;&#x3B;&#x26;&#x23;&#x78;&#x37;&#x30;&#x3B;&#x26;&#x23;&#x78;&#x37;&#x34;&#x3B;: alert('XSS');");
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/HPZBc
function name:  (null)
number of ops:  5
compiled vars:  none
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   14     0  E >   INIT_FCALL                                               'xssfilter'
          1        SEND_VAL                                                 '%26%23x26%3B%26%23x23%3B%26%23x78%3B%26%23x36%3B%26%23x41%3B%26%23x3B%3B%26%23x26%3B%26%23x23%3B%26%23x78%3B%26%23x36%3B%26%23x31%3B%26%23x3B%3B%26%23x26%3B%26%23x23%3B%26%23x78%3B%26%23x37%3B%26%23x36%3B%26%23x3B%3B%26%23x26%3B%26%23x23%3B%26%23x78%3B%26%23x36%3B%26%23x31%3B%26%23x3B%3B%26%23x26%3B%26%23x23%3B%26%23x78%3B%26%23x37%3B%26%23x33%3B%26%23x3B%3B%26%23x26%3B%26%23x23%3B%26%23x78%3B%26%23x36%3B%26%23x33%3B%26%23x3B%3B%26%23x26%3B%26%23x23%3B%26%23x78%3B%26%23x37%3B%26%23x32%3B%26%23x3B%3B%26%23x26%3B%26%23x23%3B%26%23x78%3B%26%23x36%3B%26%23x39%3B%26%23x3B%3B%26%23x26%3B%26%23x23%3B%26%23x78%3B%26%23x37%3B%26%23x30%3B%26%23x3B%3B%26%23x26%3B%26%23x23%3B%26%23x78%3B%26%23x37%3B%26%23x34%3B%26%23x3B%3B%3A+alert%28%27XSS%27%29%3B'
          2        DO_FCALL                                      0  $0      
          3        ECHO                                                     $0
          4      > RETURN                                                   1

Function xssfilter:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 19, Position 2 = 31
Branch analysis from position: 19
1 jumps found. (Code = 42) Position 1 = 26
Branch analysis from position: 26
2 jumps found. (Code = 44) Position 1 = 31, Position 2 = 20
Branch analysis from position: 31
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 20
2 jumps found. (Code = 44) Position 1 = 31, Position 2 = 20
Branch analysis from position: 31
Branch analysis from position: 20
Branch analysis from position: 31
filename:       /in/HPZBc
function name:  xssfilter
number of ops:  33
compiled vars:  !0 = $inp
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    3     0  E >   RECV                                             !0      
    4     1        INIT_FCALL                                               'html_entity_decode'
          2        INIT_FCALL                                               'urldecode'
          3        SEND_VAR                                                 !0
          4        DO_ICALL                                         $1      
          5        SEND_VAR                                                 $1
          6        DO_ICALL                                         $2      
          7        ASSIGN                                                   !0, $2
    5     8        INIT_FCALL                                               'preg_replace'
          9        SEND_VAL                                                 '%2F%21%2F'
         10        SEND_VAL                                                 ''
         11        SEND_VAR                                                 !0
         12        DO_ICALL                                         $4      
         13        ASSIGN                                                   !0, $4
    6    14        INIT_FCALL                                               'preg_match'
         15        SEND_VAL                                                 '%2Fscript%7Con%7Cxmlns%7Cdata%2Fiu'
         16        SEND_VAR                                                 !0
         17        DO_ICALL                                         $6      
         18      > JMPZ                                                     $6, ->31
    7    19    > > JMP                                                      ->26
    8    20    >   INIT_FCALL                                               'preg_replace'
         21        SEND_VAL                                                 '%2F%28script%29%7C%28on%29%7C%28xmlns%29%7C%28data%29%2Fiu'
         22        SEND_VAL                                                 'NO%21'
         23        SEND_VAR                                                 !0
         24        DO_ICALL                                         $7      
         25        ASSIGN                                                   !0, $7
    7    26    >   INIT_FCALL                                               'preg_match'
         27        SEND_VAL                                                 '%2Fscript%7Con%7Cxmlns%7Cdata%2Fiu'
         28        SEND_VAR                                                 !0
         29        DO_ICALL                                         $9      
         30      > JMPNZ                                                    $9, ->20
   11    31    > > RETURN                                                   !0
   12    32*     > RETURN                                                   null

End of function xssfilter

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
182 ms | 1403 KiB | 22 Q