[b][i][u]Bold, italics, underline[/u][/i][/b]';
$code = new \mjohnson\decoda\Decoda($string);
$code->resetHooks()->resetFilters();
echo $code->parse();
?>
<h2>Disable tag parsing</h2>
<?php
$string = '[b]Bold[/b]
[i]Italics[/i]
[u]Underline[/u]
[s]Strike through[/s]
[b][i][u]Bold, italics, underline[/u][/i][/b]';
$code = new \mjohnson\decoda\Decoda($string);
$code->defaults()->disable();
echo $code->parse();
?>
<h2>Customizable brackets</h2>
<?php
$string = '{b}Bold{/b}
{i}Italics{/i}
{u}Underline{/u}
{s}Strike through{/s}
{b}{i}{u}Bold, italics, underline{/u}{/i}{/b}';
$code = new \mjohnson\decoda\Decoda($string);
$code->addFilter(new \mjohnson\decoda\filters\DefaultFilter())->setBrackets('{', '}');
echo $code->parse();
?>
<?php
$code = new \mjohnson\decoda\Decoda();
$code->defaults();
?>
<h2>XSS Protection</h2>
<p>Any form of XSS injection will be escaped or removed from the final output; this includes any attribute beginning with javascript:.</p><br>
<?php
$string = '<script>alert("I can use XSS");</script>
[b]<script>alert(document.cookie);</script>[/b]
[div class="javascript:alert(document);"]Attribute XSS prevention[/div]
[video="youtube" size="small"]"onload="alert(\'XSS\');" id="[/video]';
$code->reset($string);
echo $code->parse();
?>
<h2>XSS Protection <span>within an image</span></h2>
<p>If an [img] tag attempts to generate an XSS attack by placing multiple HTTP calls in one tag, the tag will not be rendered.
For example, the following URL will fail: [img]http://example.com/delete-account?image=http://example.com/image.jpg[/img]</p><br>
<?php
$string = '[img]http://localhost/doSomething.php?image=http://www.google.com/intl/en_ALL/images/srpr/logo1w.png[/img]';
$code->reset($string);
echo $code->parse();
