Example #1
0
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<script language="JavaScript">
<!--
function KeyPress()
{
	if(window.event.keyCode == 27)
		window.close();
}
//-->
</script>
<style type="text/css">
<!--
body {margin-left:0; margin-top:0; margin-right:0; margin-bottom:0;}
-->
</style>
<title><?php 
echo $alt;
?>
</title></head>
<body topmargin="0" leftmargin="0" marginwidth="0" marginheight="0" onKeyPress="KeyPress()">
<img src="<?php 
echo htmlspecialchars_plus($img);
?>
" border="0" alt="<?php 
echo $alt;
?>
">
</body>
</html>
Example #2
0
<?php

if (substr($url, 0, 4) != "http" && substr($url, 0, 1) != "/") {
    $url = "/" . $url;
}
//This function will protect against utf-7 xss
//on page with no character setting
function htmlspecialchars_plus($str)
{
    return str_replace("+", "&#43;", htmlspecialchars($str));
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php 
echo htmlspecialchars_plus($charset);
?>
">
<meta http-equiv="Refresh" content="3;URL=<?php 
echo htmlspecialchars_plus($url);
?>
">
</head>
<body>
<div align="center"><h3><?php 
echo htmlspecialchars_plus($mess);
?>
</h3></div>
</body>
</html>