<?php
define("TYPE_HTML_TEXT",1);
define("TYPE_NUMBER", 2);
define("TYPE_BOOLEAN", 3);
define("TYPE_SCRIPT", 4);
define("TYPE_BINARY", 5);
define("TYPE_URL", 6);
define("TYPE_LIST_ITEM", 7);
define("TYPE_LIST", 8);
define("TYPE_COLOR", 9);
define("TYPE_CSS_ATTR", 10);
define("TYPE_CSS_ATTR_COLOR", 11);
define("TYPE_CSS_ATTR_SIZE", 12);
define("TYPE_CSS_CUSTOM", 13);
define("TYPE_SIZE", 14);
define("TYPE_CDATA", 15);
define("TYPE_CONFIG", 16);
define("TYPE_HTML_MARKUP", 17);
$ESCAPE_PROPERTIES = true;
/**
* ord() alternative that works with UTF8 characters
* @param string $c
*
* @return int UTF-8 character code value
*/
function getUTF8CharCode($c) {
$h = ord($c{0});
if ($h <= 0x7F) {
return $h;
} else if ($h < 0xC2) {
return false;
} else if ($h <= 0xDF) {
return ($h & 0x1F) << 6 | (ord($c{1}) & 0x3F);
} else if ($h <= 0xEF) {
return ($h & 0x0F) << 12 | (ord($c{1}) & 0x3F) << 6
| (ord($c{2}) & 0x3F);
} else if ($h <= 0xF4) {
return ($h & 0x0F) << 18 | (ord($c{1}) & 0x3F) << 12
| (ord($c{2}) & 0x3F) << 6
| (ord($c{3}) & 0x3F);
} else {
return -1;
}
}
/**
* Escape a single character for CSS context.
* @param $c
* @return string
*/
function escapeCSSCharacter($c) {
return "\\" . base_convert(getUTF8CharCode($c), 10, 16) . " ";
}
/**
* Escape CSS rule
*
* @param string $data The CSS rule
* @param array $immuneChars Array of immune character. These characters will not be escaped.
*
* @return string Escaped string
*/
function escapeCSSValue($data, array $immuneChars = array()) {
$result = "";
for ($i = 0; $i < mb_strlen($data); $i++) {
$currChar = mb_substr($data, $i, 1);
if (getUTF8CharCode($currChar) < 256 && //Character with ASCII value of 255 or less are dangerous!
!preg_match("/^\w$/", $currChar) && //Alphanumeric and underscores are safe.
!in_array($currChar, $immuneChars) //Immune characters are safe.
) {
$result .= escapeCSSCharacter($currChar);
}
else {
$result .= $currChar;
}
}
return $result;
}
function encodeJSONProperty($type, $value, $raw = false) {
global $ESCAPE_PROPERTIES;
if ($raw || !$ESCAPE_PROPERTIES) { //$raw == true means to explicitly not escape.
//$ESCAPE_PROPERTIES is the feature flag. True means we want escaping.
return $value;
}
switch ($type) {
case TYPE_HTML_TEXT:
return htmlspecialchars($value);
case TYPE_CONFIG:
case TYPE_LIST_ITEM:
case TYPE_LIST:
case TYPE_HTML_MARKUP:
return $value;
case TYPE_NUMBER:
return (int)$value;
case TYPE_BOOLEAN:
return stristr($value, "true") != false;
case TYPE_SCRIPT:
return new JSONFunction($value);
case TYPE_URL:
return urlencode($value);
case TYPE_COLOR:
case TYPE_SIZE:
return escapeCSSValue($value, array("#", ",", ".", "(", ")", "-", "%", "*", "+", "=", "/"));
}
}
echo encodeJSONProperty(TYPE_COLOR, "#BADA55ᙦ } * { display: none; } /*");
- Output for git.master, git.master_jit
- Fatal error: Array and string offset access syntax with curly braces is no longer supported in /in/cPFqX on line 31
Process exited with code 255. - Output for rfc.property-hooks
- Parse error: syntax error, unexpected token "{", expecting ")" in /in/cPFqX on line 31
Process exited with code 255.
This tab shows result from various feature-branches currently under review by the php developers. Contact me to have additional branches featured.
Active branches
Archived branches
Once feature-branches are merged or declined, they are no longer available. Their functionality (when merged) can be viewed from the main output page
preferences:
48.94 ms | 401 KiB | 8 Q