3v4l.org

run code in 150+ php & hhvm versions
Bugs & Features
<?php $question="<script>alert('hacked')</script>"; echo "<br>original question=",$question; $question = make_secure( $question ); echo "<br>converted question=",$question; echo "<br>converted question calling htmlspecialchars=",htmlspecialchars($question); function make_secure($data) { $data = htmlspecialchars($data); return $data; }
Output for 4.3.0 - 5.6.28, hhvm-3.10.0 - 3.12.0, 7.0.0 - 7.1.0
<br>original question=<script>alert('hacked')</script><br>converted question=&lt;script&gt;alert('hacked')&lt;/script&gt;<br>converted question calling htmlspecialchars=&amp;lt;script&amp;gt;alert('hacked')&amp;lt;/script&amp;gt;