3v4l.org

run code in 150+ php & hhvm versions
Bugs & Features
<?php $encoded = htmlentities("Hey I am a nefarious hacker! Look at my brackets! <script>HAHAHA</script>!"); $decoded = html_entity_decode($encoded); echo "This is what's sent in the html source... so the browser doesn't actually recognize it as a script.\n"; echo $encoded; echo "\nThis is what it looks like on screen to the user.\n"; echo $decoded; ?>
Output for 4.3.0 - 7.1.0
This is what's sent in the html source... so the browser doesn't actually recognize it as a script. Hey I am a nefarious hacker! Look at my brackets! &lt;script&gt;HAHAHA&lt;/script&gt;! This is what it looks like on screen to the user. Hey I am a nefarious hacker! Look at my brackets! <script>HAHAHA</script>!