3v4l.org

run code in 300+ PHP versions simultaneously
<?php $encoded = htmlentities("Hey I am a nefarious hacker! Look at my brackets! <script>HAHAHA</script>!"); $decoded = html_entity_decode($encoded); echo "This is what's sent in the html source... so the browser doesn't actually recognize it as a script.\n"; echo $encoded; echo "\nThis is what it looks like on screen to the user.\n"; echo $decoded; ?>
Output for 4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.24 - 5.5.35, 5.6.7 - 5.6.28, 7.0.0 - 7.0.20, 7.1.0 - 7.1.25, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
This is what's sent in the html source... so the browser doesn't actually recognize it as a script. Hey I am a nefarious hacker! Look at my brackets! &lt;script&gt;HAHAHA&lt;/script&gt;! This is what it looks like on screen to the user. Hey I am a nefarious hacker! Look at my brackets! <script>HAHAHA</script>!
preferences:
221.94 ms | 406 KiB | 327 Q