@ 2015-05-02T04:26:43Z <?php
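/**
 * Block-list HTML filter: strips or defuses markup commonly used for script injection.
 *
 * The steps run in a fixed order: drop NUL bytes, normalise entities, decode them,
 * then remove event-handler attributes, script-bearing URL schemes, script-bearing
 * style attributes, namespaced elements and a fixed list of tags.
 *
 * This is a pattern-based block-list, so anything the patterns do not anticipate
 * passes through unchanged. Treat the result as untrusted markup: escape it for the
 * output context (e.g. htmlspecialchars() for HTML text) or use an allow-list
 * sanitizer wherever markup must be preserved.
 *
 * preg_replace() returns null on a PCRE error (for example invalid UTF-8 under the
 * /u modifier); the later steps then operate on an empty value, so such input comes
 * back empty rather than partially filtered.
 *
 * @param string $str Untrusted input, possibly containing HTML.
 * @return string Filtered string.
 */
function xss_clean($str){
    // Remove all NULL bytes
    $str = str_replace("\0", '', $str);

    // Protect entities that are already encoded. The previous search and replace
    // lists were identical (a no-op), so html_entity_decode() below turned
    // "&lt;script&gt;" into a live tag. Double-encoding here makes the decode step
    // restore them to "&amp;", "&lt;" and "&gt;" instead.
    $str = str_replace(array('&amp;', '&lt;', '&gt;'), array('&amp;amp;', '&amp;lt;', '&amp;gt;'), $str);

    // Fix &entity\n; (whitespace before the semicolon) and terminate numeric
    // references that lack a semicolon, so the decode step sees well-formed entities.
    $str = preg_replace('/(&#*\w+)[\x00-\x20]+;/u', '$1;', $str);
    $str = preg_replace('/(&#x*[0-9A-F]+);*/iu', '$1;', $str);

    // Drop tags that carry an inline ";base64," payload.
    $str = preg_replace('#(<[^>]+?;base64,.+>|<[^>]+?.+;base64,.+>.+<\/.+>)#','',$str);

    // Decode entities so the patterns below see the characters a browser would see.
    // No charset argument is passed, so PHP's default charset applies.
    $str = html_entity_decode($str, ENT_COMPAT);

    // Remove any attribute starting with "on" or xmlns
    $str = preg_replace('#(?:on[a-z]+|xmlns)\s*=\s*[\'"\x00-\x20]?[^\'>"]*[\'"\x00-\x20]?\s?#iu', '', $str);

    // Remove javascript: and vbscript: protocols (control characters and spaces
    // between the letters are tolerated, as browsers tolerate them)
    $str = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2nojavascript...', $str);
    $str = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2novbscript...', $str);
    // This pattern has no /i flag, so it matches lower-case "-moz-binding" only.
    $str = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#u', '$1=$2nomozbinding...', $str);

    // Only works in IE: cut the tag short at a style attribute that contains script.
    $str = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#is', '$1>', $str);
    // NOTE(review): the IE property is spelled "behavior" and is normally written
    // "behavior: url(...)"; this pattern looks for "behaviour(" — confirm it can fire.
    $str = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#is', '$1>', $str);
    $str = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#ius', '$1>', $str);

    // Remove namespaced elements (we do not need them). The pattern now starts at
    // "<" or "</"; the previous "<!--*" prefix only matched text beginning "<!-",
    // and its "[^-->]" class also excluded digits, "=", "/" and ":".
    $str = preg_replace('#</*\w+:\w[^>]*+>#i', '', $str);

    do{
        // Remove really unwanted tags, opening and closing. Repeat until nothing
        // changes, because removing one tag can splice a new one together.
        // NOTE(review): frame and iframe are not in this list — confirm that is deliberate.
        $old = $str;
        $str = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|ilayer|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $str);
    }
    while ($old !== $str);

    return $str;
}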
// Demo input: an <img> tag that is never closed, carrying an inline event handler.
// The page's recorded output is "qwejlj<img src =x ": the handler is stripped but the
// unclosed "<img" survives, so markup that follows it on a page is parsed as part of that tag.
$sample = 'qwejlj<img src =x onerror=confirm(document.cookie);lol';
print xss_clean($sample);
Output for 4.3.2 - 4.3.11 , 4.4.0 - 4.4.9 , 5.0.0 - 5.0.5 , 5.1.0 - 5.1.6 , 5.2.0 - 5.2.17 , 5.3.0 - 5.3.29 , 5.4.0 - 5.4.45 , 5.5.24 - 5.5.35 , 5.6.7 - 5.6.28 , 7.0.0 - 7.0.20 , 7.1.0 - 7.1.25 , 7.2.0 - 7.2.33 , 7.3.0 - 7.3.33 , 7.4.0 - 7.4.33 , 8.0.0 - 8.0.30 , 8.1.0 - 8.1.28 , 8.2.0 - 8.2.18 , 8.3.0 - 8.3.4 , 8.3.6 qwejlj<img src =x Output for 8.3.5 Warning: PHP Startup: Unable to load dynamic library 'sodium.so' (tried: /usr/lib/php/8.3.5/modules/sodium.so (libsodium.so.23: cannot open shared object file: No such file or directory), /usr/lib/php/8.3.5/modules/sodium.so.so (/usr/lib/php/8.3.5/modules/sodium.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
qwejlj<img src =x Output for 4.3.0 - 4.3.1 Process exited with code 139 . preferences:dark mode live preview