3v4l.org

run code in 150+ php & hhvm versions
Bugs & Features
<?php define("TYPE_HTML_TEXT",1); define("TYPE_NUMBER", 2); define("TYPE_BOOLEAN", 3); define("TYPE_SCRIPT", 4); define("TYPE_BINARY", 5); define("TYPE_URL", 6); define("TYPE_LIST_ITEM", 7); define("TYPE_LIST", 8); define("TYPE_COLOR", 9); define("TYPE_CSS_ATTR", 10); define("TYPE_CSS_ATTR_COLOR", 11); define("TYPE_CSS_ATTR_SIZE", 12); define("TYPE_CSS_CUSTOM", 13); define("TYPE_SIZE", 14); define("TYPE_CDATA", 15); define("TYPE_CONFIG", 16); define("TYPE_HTML_MARKUP", 17); /** * ord() alternative that works with UTF8 characters * @param string $c * * @return int UTF-8 character code value */ function getUTF8CharCode($c) { $h = ord($c{0}); if ($h <= 0x7F) { return $h; } else if ($h < 0xC2) { return false; } else if ($h <= 0xDF) { return ($h & 0x1F) << 6 | (ord($c{1}) & 0x3F); } else if ($h <= 0xEF) { return ($h & 0x0F) << 12 | (ord($c{1}) & 0x3F) << 6 | (ord($c{2}) & 0x3F); } else if ($h <= 0xF4) { return ($h & 0x0F) << 18 | (ord($c{1}) & 0x3F) << 12 | (ord($c{2}) & 0x3F) << 6 | (ord($c{3}) & 0x3F); } else { return -1; } } /** * Escape a single character for CSS context. * @param $c * @return string */ function escapeCSSCharacter($c) { return "\\" . base_convert(getUTF8CharCode($c), 10, 16) . " "; } /** * Escape CSS rule * * @param string $data The CSS rule * @param array $immuneChars Array of immune character. These characters will not be escaped. * * @return string Escaped string */ function escapeCSSValue($data, array $immuneChars = array()) { $result = ""; for ($i = 0; $i < mb_strlen($data); $i++) { $currChar = mb_substr($data, $i, 1); if (getUTF8CharCode($currChar) < 256 && //Character with ASCII value of 255 or less are dangerous! !preg_match("/^\w$/", $currChar) && //Alphanumeric and underscores are safe. !in_array($currChar, $immuneChars) //Immune characters are safe. ) { $result .= escapeCSSCharacter($currChar); } else { $result .= $currChar; } } return $result; } function encodeJSONProperty($type, $value, $raw = false) { global $ESCAPE_PROPERTIES; if ($raw || !$ESCAPE_PROPERTIES) { //$raw == true means to explicitly not escape. //$ESCAPE_PROPERTIES is the feature flag. True means we want escaping. return $value; } switch ($type) { case TYPE_HTML_TEXT: return htmlspecialchars($value); case TYPE_CONFIG: case TYPE_LIST_ITEM: case TYPE_LIST: case TYPE_HTML_MARKUP: return $value; case TYPE_NUMBER: return (int)$value; case TYPE_BOOLEAN: return stristr($value, "true") != false; case TYPE_SCRIPT: return new JSONFunction($value); case TYPE_URL: return urlencode($value); case TYPE_COLOR: case TYPE_SIZE: return escapeCSSValue($value, array("#", ",", ".", "(", ")", "-", "%", "*", "+", "=", "/")); } } echo encodeJSONProperty(TYPE_HTML_TEXT, "<script>Evil</script>");
Output for 5.1.0 - 7.1.0
<script>Evil</script>
Output for 5.0.0 - 5.0.5
Parse error: parse error, unexpected T_ARRAY, expecting '&' or T_VARIABLE in /in/pm5Ne on line 65
Process exited with code 255.
Output for 4.4.2 - 4.4.9
Parse error: syntax error, unexpected T_ARRAY, expecting '&' or T_VARIABLE or T_CONST in /in/pm5Ne on line 65
Process exited with code 255.
Output for 4.3.0 - 4.3.1, 4.3.5 - 4.4.1
Parse error: parse error, unexpected T_ARRAY, expecting '&' or T_VARIABLE or T_CONST in /in/pm5Ne on line 65
Process exited with code 255.
Output for 4.3.2 - 4.3.4
Parse error: parse error, expecting `'&'' or `T_VARIABLE' or `T_CONST' in /in/pm5Ne on line 65
Process exited with code 255.