3v4l.org

run code in 500+ PHP versions simultaneously
<?php $allowed_tags = array("img", "p"); $allowed_attributes = array("style"); $text='<img src="image.gif" onerror="myFunction()" style="background:red" onclick="myFunction()"> <p>A function is triggered if an error occurs when loading the image. The function shows an alert box with a text. In this example we refer to an image that does not exist, therefore the onerror event occurs.</p> <div>a sample div with a <span>span in it</span></div> <p>a sample para with a <span>span in it</span></p> <script> function myFunction() { alert(\'The image could not be loaded.\'); } </script>'; function remove_nodes_and_attributes($doc, $node, $allowed_tags, $allowed_attributes) { $xpath = new DOMXPath($doc); foreach ($xpath->query('./*', $node) as $child) { if (!in_array($child->nodeName, $allowed_tags)) { $node->removeChild($child); continue; } $a = 0; while ($a < $child->attributes->length) { $attribute = $child->attributes->item($a)->name; if (!in_array($attribute, $allowed_attributes)) { $child->removeAttribute($attribute); // don't increment the pointer as the list will shift with the removal of the attribute } else { // allowed attribute, skip it $a++; } } // remove any children as necessary remove_nodes_and_attributes($doc, $child, $allowed_tags, $allowed_attributes); } } $doc = new DOMDocument(); $doc->loadHTML("<html>$text</html>", LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD); $html = $doc->getElementsByTagName('html')[0]; remove_nodes_and_attributes($doc, $html, $allowed_tags, $allowed_attributes); echo substr($doc->saveHTML(), 6, -8);
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/vmSDF
function name:  (null)
number of ops:  30
compiled vars:  !0 = $allowed_tags, !1 = $allowed_attributes, !2 = $text, !3 = $doc, !4 = $html
line      #* E I O op                               fetch          ext  return  operands
-----------------------------------------------------------------------------------------
    3     0  E >   ASSIGN                                                       !0, <array>
    4     1        ASSIGN                                                       !1, <array>
    5     2        ASSIGN                                                       !2, '%3Cimg+src%3D%22image.gif%22+onerror%3D%22myFunction%28%29%22+style%3D%22background%3Ared%22+onclick%3D%22myFunction%28%29%22%3E%0A%0A%3Cp%3EA+function+is+triggered+if+an+error+occurs+when+loading+the+image.+The+function+shows+an+alert+box+with+a+text.%0AIn+this+example+we+refer+to+an+image+that+does+not+exist%2C+therefore+the+onerror+event+occurs.%3C%2Fp%3E%0A%0A%3Cdiv%3Ea+sample+div+with+a+%3Cspan%3Espan+in+it%3C%2Fspan%3E%3C%2Fdiv%3E%0A%3Cp%3Ea+sample+para+with+a+%3Cspan%3Espan+in+it%3C%2Fspan%3E%3C%2Fp%3E%0A%3Cscript%3E%0Afunction+myFunction%28%29+%7B%0A++alert%28%27The+image+could+not+be+loaded.%27%29%3B%0A%7D%0A%3C%2Fscript%3E'
   42     3        NEW                                                  $8      'DOMDocument'
          4        DO_FCALL                                          0          
          5        ASSIGN                                                       !3, $8
   43     6        INIT_METHOD_CALL                                             !3, 'loadHTML'
          7        ROPE_INIT                                         3  ~12     '%3Chtml%3E'
          8        ROPE_ADD                                          1  ~12     ~12, !2
          9        ROPE_END                                          2  ~11     ~12, '%3C%2Fhtml%3E'
         10        SEND_VAL_EX                                                  ~11
         11        SEND_VAL_EX                                                  8196
         12        DO_FCALL                                          0          
   44    13        INIT_METHOD_CALL                                             !3, 'getElementsByTagName'
         14        SEND_VAL_EX                                                  'html'
         15        DO_FCALL                                          0  $15     
         16        FETCH_DIM_R                                          ~16     $15, 0
         17        ASSIGN                                                       !4, ~16
   45    18        INIT_FCALL                                                   'remove_nodes_and_attributes'
         19        SEND_VAR                                                     !3
         20        SEND_VAR                                                     !4
         21        SEND_VAR                                                     !0
         22        SEND_VAR                                                     !1
         23        DO_FCALL                                          0          
   46    24        INIT_METHOD_CALL                                             !3, 'saveHTML'
         25        DO_FCALL                                          0  $19     
         26        FRAMELESS_ICALL_3                substr              ~20     $19, 6
         27        OP_DATA                                                      -8
         28        ECHO                                                         ~20
         29      > RETURN                                                       1

Function remove_nodes_and_attributes:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 77) Position 1 = 13, Position 2 = 49
Branch analysis from position: 13
2 jumps found. (Code = 78) Position 1 = 14, Position 2 = 49
Branch analysis from position: 14
2 jumps found. (Code = 43) Position 1 = 18, Position 2 = 22
Branch analysis from position: 18
1 jumps found. (Code = 42) Position 1 = 13
Branch analysis from position: 13
Branch analysis from position: 22
1 jumps found. (Code = 42) Position 1 = 38
Branch analysis from position: 38
2 jumps found. (Code = 44) Position 1 = 42, Position 2 = 24
Branch analysis from position: 42
1 jumps found. (Code = 42) Position 1 = 13
Branch analysis from position: 13
Branch analysis from position: 24
2 jumps found. (Code = 43) Position 1 = 33, Position 2 = 37
Branch analysis from position: 33
1 jumps found. (Code = 42) Position 1 = 38
Branch analysis from position: 38
Branch analysis from position: 37
2 jumps found. (Code = 44) Position 1 = 42, Position 2 = 24
Branch analysis from position: 42
Branch analysis from position: 24
Branch analysis from position: 49
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 49
filename:       /in/vmSDF
function name:  remove_nodes_and_attributes
number of ops:  51
compiled vars:  !0 = $doc, !1 = $node, !2 = $allowed_tags, !3 = $allowed_attributes, !4 = $xpath, !5 = $child, !6 = $a, !7 = $attribute
line      #* E I O op                               fetch          ext  return  operands
-----------------------------------------------------------------------------------------
   18     0  E >   RECV                                                 !0      
          1        RECV                                                 !1      
          2        RECV                                                 !2      
          3        RECV                                                 !3      
   19     4        NEW                                                  $8      'DOMXPath'
          5        SEND_VAR_EX                                                  !0
          6        DO_FCALL                                          0          
          7        ASSIGN                                                       !4, $8
   20     8        INIT_METHOD_CALL                                             !4, 'query'
          9        SEND_VAL_EX                                                  '.%2F%2A'
         10        SEND_VAR_EX                                                  !1
         11        DO_FCALL                                          0  $11     
         12      > FE_RESET_R                                           $12     $11, ->49
         13    > > FE_FETCH_R                                                   $12, !5, ->49
   21    14    >   FETCH_OBJ_R                                          ~13     !5, 'nodeName'
         15        FRAMELESS_ICALL_2                in_array            ~14     ~13, !2
         16        BOOL_NOT                                             ~15     ~14
         17      > JMPZ                                                         ~15, ->22
   22    18    >   INIT_METHOD_CALL                                             !1, 'removeChild'
         19        SEND_VAR_EX                                                  !5
         20        DO_FCALL                                          0          
   23    21      > JMP                                                          ->13
   25    22    >   ASSIGN                                                       !6, 0
   26    23      > JMP                                                          ->38
   27    24    >   FETCH_OBJ_R                                          ~18     !5, 'attributes'
         25        INIT_METHOD_CALL                                             ~18, 'item'
         26        SEND_VAR_EX                                                  !6
         27        DO_FCALL                                          0  $19     
         28        FETCH_OBJ_R                                          ~20     $19, 'name'
         29        ASSIGN                                                       !7, ~20
   28    30        FRAMELESS_ICALL_2                in_array            ~22     !7, !3
         31        BOOL_NOT                                             ~23     ~22
         32      > JMPZ                                                         ~23, ->37
   29    33    >   INIT_METHOD_CALL                                             !5, 'removeAttribute'
         34        SEND_VAR_EX                                                  !7
         35        DO_FCALL                                          0          
   28    36      > JMP                                                          ->38
   34    37    >   PRE_INC                                                      !6
   26    38    >   FETCH_OBJ_R                                          ~26     !5, 'attributes'
         39        FETCH_OBJ_R                                          ~27     ~26, 'length'
         40        IS_SMALLER                                                   !6, ~27
         41      > JMPNZ                                                        ~28, ->24
   38    42    >   INIT_FCALL_BY_NAME                                           'remove_nodes_and_attributes'
         43        SEND_VAR_EX                                                  !0
         44        SEND_VAR_EX                                                  !5
         45        SEND_VAR_EX                                                  !2
         46        SEND_VAR_EX                                                  !3
         47        DO_FCALL                                          0          
   20    48      > JMP                                                          ->13
         49    >   FE_FREE                                                      $12
   40    50      > RETURN                                                       null

End of function remove_nodes_and_attributes

Generated using Vulcan Logic Dumper, using php 8.5.0

preferences:
239.85 ms | 2180 KiB | 14 Q