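/**
 * Formats a raw test string for display as annotated, HTML-escaped text.
 *
 * The string is hard-wrapped, NUL bytes are swapped for a printable marker,
 * the result is passed through escapeHTML(), and only then are tabs, wrap
 * points and NUL markers turned into highlighting markup. escapeHTML() is
 * defined outside this block; it is assumed to HTML-escape its argument, so
 * that the tags inserted here are the only markup in the result (confirm).
 *
 * @param string $string Raw text to display.
 * @return string Markup with tabs, line breaks and NUL bytes made visible.
 */
function formatCode($string)
{
    // Hard-wrap at 28 (wordwrap counts bytes, and the final `true` cuts long
    // words); every wrap point is tagged with " »" so it can be styled below.
    $wrapped = wordwrap($string, 28, " »\n", true);

    // Fix: the search string was empty, which str_replace() never matches, so
    // NUL bytes were never marked even though the '\0(null)' marker is expected
    // by the final replacement. Search for the NUL byte itself.
    $marked = str_replace("\0", '\\0(null)', $wrapped);

    $escaped = escapeHTML($marked);

    // Markers are converted to markup after escaping so the inserted tags are
    // not themselves escaped. Input that already contains a literal
    // "\0(null)" or "»" is highlighted the same way as a real NUL or wrap point.
    return str_replace(
        array("\t", '»', '\\0(null)'),
        array('<strong>\\t</strong>', '<span class="linebreak">»</span>', '<strong>\\0</strong>'),
        $escaped
    );
}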
<th>Test</th> <th>Result</th> <th>Message</th> </tr> <?php foreach ($tests as $test) { $class = $test['result'] == 'fail' ? 'class="fail"' : ''; ?> <tr> <td><?php echo escapeHTML($test['name']); ?> </td> <td <?php echo $class; ?> ><?php echo escapeHTML($test['result']); ?> </td> <td><?php echo escapeHTML($test['message']); ?> </td> </tr> <?php } ?> </table> <?php }
if ($filename[0] == '.') { continue; } if (strpos($filename, '.php') === false) { continue; } if ($filename == 'common.php') { continue; } if ($filename == 'all.php') { continue; } if ($filename == 'testSchema.php') { continue; } ?> <iframe src="<?php echo escapeHTML($filename); if (isset($_GET['standalone'])) { echo '?standalone'; } ?> "></iframe> <?php } ?> </div> </body> </html> <?php // vim: et sw=4 sts=4
/**
 * Escapes a string with escapeHTML() and then passes the result to escapeAttr().
 *
 * Both helpers are defined outside this block; the order (HTML escaping first,
 * attribute escaping second) is what this wrapper fixes.
 *
 * @param string $str Value to escape.
 * @return string Result of escapeAttr() applied to the HTML-escaped value.
 */
function escapeAttrHTML($str)
{
    $htmlEscaped = escapeHTML($str);

    return escapeAttr($htmlEscaped);
}
</style> <?php } ?> </head> <body> <h1>Extract Style Blocks</h1> <p> This smoketest allows users to specify global style sheets for the document, allowing for interesting techniques and compact markup that wouldn't normally be possible, using the ExtractStyleBlocks filter. </p> <p> User submitted content: </p> <div style="border: 1px solid #CCC; margin: 1em; padding: 1em;"> <?php echo $purified_html; ?> </div> <form action="" method="post"> <textarea cols="100" rows="20" name="html"><?php echo escapeHTML($html); ?> </textarea> <input type="submit" value="Submit" /> </form> </body> </html> <?php // vim: et sw=4 sts=4
/**
 * Cleans the non-array fields of $_POST in place.
 *
 * Every value that is not an array, and whose key is not 'msgs', is run
 * through HTMLPurifier::purify() and then escapeHTML(), and the result is
 * written back to $_POST under the same key. Only $_POST is touched here,
 * and no database-specific cleaning is applied.
 *
 * NOTE(review): array-valued fields (e.g. name[]=...) are skipped entirely, so
 * their contents reach later code unpurified and unescaped; confirm that every
 * consumer of array fields escapes them itself.
 * NOTE(review): values are escaped once here, at input time; consumers that
 * escape again on output will double-encode. Verify against callers.
 *
 * @return void
 */
function shn_main_clean_getpost()
{
    $purifier = new HTMLPurifier();

    foreach ($_POST as $field => $raw) {
        // 'msgs' is exempted as a workaround so that the .po file content
        // is not passed through HTMLPurifier. The comparison is loose (==).
        if ($field == 'msgs') {
            continue;
        }

        // Array values are left exactly as submitted (see NOTE above).
        if (is_array($raw)) {
            continue;
        }

        $_POST[$field] = escapeHTML($purifier->purify($raw));
    }
}
$html .= '>A"'; // in our out the attribute? ;-) $html .= "onerror=alert('{$i}')>O"; $pure_html = $purifier->purify($html); ?> <tr> <td><?php echo $i; ?> </td> <td style="font-size:8pt;"><?php echo escapeHTML($html); ?> </td> <td style="font-size:8pt;"><?php echo escapeHTML($pure_html); ?> </td> <td><?php echo $pure_html; ?> </td> </tr> <?php } ?> </tbody> </table> <h2>Analysis</h2>