<?php
// htmlentities() converts the characters HTML treats as markup (<, >, &, and
// quotes) into entity references, so the browser displays the text literally
// instead of parsing it. Flags and charset are passed explicitly because the
// defaults differ between PHP versions.
$encoded = htmlentities("Hey I am a nefarious hacker! Look at my brackets! <script>HAHAHA</script>!", ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
// html_entity_decode() is the exact inverse and gives back the raw string.
$decoded = html_entity_decode($encoded, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "This is what is sent in the HTML source, so the browser does not recognize it as a script.\n";
echo $encoded;
echo "\nThis is the raw string again. It is what the user sees on screen when the encoded version above is rendered; echoing it into a page directly would let the browser parse the script tag.\n";
echo $decoded;
?>
Output when run from the command line (in a browser, the last line would be parsed as markup rather than displayed):
This is what is sent in the HTML source, so the browser does not recognize it as a script.
Hey I am a nefarious hacker! Look at my brackets! &lt;script&gt;HAHAHA&lt;/script&gt;!
This is the raw string again. It is what the user sees on screen when the encoded version above is rendered; echoing it into a page directly would let the browser parse the script tag.
Hey I am a nefarious hacker! Look at my brackets! <script>HAHAHA</script>!
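The snippet above shows encoding and decoding of one string. The example below is added here and is not part of the original note; it takes the same idea into the two places untrusted text is most often inserted, an element body and a quoted attribute, and shows the vulnerable and hardened renderers side by side. The function names (escapeHtml, renderCommentVulnerable, renderComment) and the attacker string are illustrative assumptions; htmlspecialchars() and html_entity_decode() are the standard PHP functions.

```php
<?php
declare(strict_types=1);

// Added example, not from the original note. Function names are illustrative.

// One escaping function, applied at the moment of output and never at storage.
// ENT_QUOTES escapes both " and ' so a value cannot close a quoted attribute.
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string,
// which would silently drop the content. The charset is stated explicitly.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable renderer: raw input concatenated straight into markup.
function renderCommentVulnerable(string $comment): string
{
    return '<p title="' . $comment . '">' . $comment . '</p>';
}

// Hardened renderer: every interpolation point passes through escapeHtml().
function renderComment(string $comment): string
{
    return '<p title="' . escapeHtml($comment) . '">' . escapeHtml($comment) . '</p>';
}

// Constructed attacker input: the note's script payload plus a double quote
// that closes the title attribute and injects an event handler attribute.
$attack = 'Look at my brackets! <script>HAHAHA</script>" onmouseover="HAHAHA';

echo "Vulnerable markup (the script tag and the new attribute reach the parser):\n";
echo renderCommentVulnerable($attack), "\n\n";

echo "Hardened markup (same bytes, delivered as text in both contexts):\n";
echo renderComment($attack), "\n\n";

// Escape exactly once. Escaping an already-escaped value double-encodes it:
// the ampersand of an existing entity is itself turned into an entity, and
// the user then sees the entity text rather than the character.
$once  = escapeHtml('<b>');
$twice = escapeHtml($once);
echo "Escaped once:  ", $once, "\n";
echo "Escaped twice: ", $twice, "\n";

// Decoding is the inverse and restores the raw, dangerous string. Do it only
// for a non-HTML sink (plain-text log, email body), never right before echo.
$roundTrip = html_entity_decode($once, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') === '<b>';
echo "Decode restores the original string: ", var_export($roundTrip, true), "\n";
```

Run it with `php` on the command line and compare the two markup blocks: in the vulnerable one the attacker's quote ends the title attribute, so onmouseover becomes a real attribute and the script tag stands on its own; in the hardened one the same characters appear as &lt;, &gt; and &quot; and stay inside the text. Store the raw value and escape at output so that the double-encoding case never arises.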