3v4l.org

run code in 300+ PHP versions simultaneously
<?php function xss_clean($str){ // Remove all NULL bytes $str = str_replace("\0", '', $str); // Fix &entity\n; $str = str_replace(array('&','<','>'), array('&amp;','&lt;','&gt;'), $str); $str = preg_replace('/(&#*\w+)[\x00-\x20]+;/u', '$1;', $str); $str = preg_replace('/(&#x*[0-9A-F]+);*/iu', '$1;', $str); $str = preg_replace('#(<[^>]+?;base64,.+>|<[^>]+?.+;base64,.+>.+<\/.+>)#','',$str); //$str = html_entity_decode($str, ENT_COMPAT, $charset); //org $str = html_entity_decode($str, ENT_COMPAT); // Remove any attribute starting with "on" or xmlns $str = preg_replace('#(?:on[a-z]+|xmlns)\s*=\s*[\'"\x00-\x20]?[^\'>"]*[\'"\x00-\x20]?\s?#iu', '', $str); // Remove javascript: and vbscript: protocols $str = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2nojavascript...', $str); $str = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2novbscript...', $str); $str = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#u', '$1=$2nomozbinding...', $str); // Only works in IE: $str = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#is', '$1>', $str); $str = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#is', '$1>', $str); $str = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#ius', '$1>', $str); // Remove namespaced elements (we do not need them) $str = preg_replace('#<!--*\w+:\w[^-->]*+>#i', '', $str); do{ // Remove really unwanted tags $old = $str; $str = preg_replace('#<!--*(?:applet|b(?:ase|gsound|link)|embed|ilayer|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^-->]*+>#i', '', $str); } while ($old !== $str); return $str; } $str = 'qwejlj<img src =x onerror=confirm(document.cookie);lol'; echo xss_clean($str);
Output for 4.3.2 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.24 - 5.5.35, 5.6.7 - 5.6.28, 7.0.0 - 7.0.20, 7.1.0 - 7.1.25, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.4, 8.3.6
qwejlj<img src =x
Output for 8.3.5
Warning: PHP Startup: Unable to load dynamic library 'sodium.so' (tried: /usr/lib/php/8.3.5/modules/sodium.so (libsodium.so.23: cannot open shared object file: No such file or directory), /usr/lib/php/8.3.5/modules/sodium.so.so (/usr/lib/php/8.3.5/modules/sodium.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0 qwejlj<img src =x
Output for 4.3.0 - 4.3.1

Process exited with code 139.
preferences:
238.21 ms | 401 KiB | 327 Q