@defuse
Created September 21, 2013 20:39
Escaping Challenge: Make a PHP script that (Z:) generates JavaScript code that generates an HTML page containing a PHP script that (goto Z)...
<?php
/* Escaping Challenge: Make a PHP script that (Z:) generates JavaScript code
 * that generates an HTML page containing a PHP script that (goto Z) */

/* The purpose of this challenge is to demonstrate how complicated escaping can
 * get when you're trying to combine 4 different languages (PHP, JavaScript,
 * HTML, and string literals). */

/* Encode every non-alphanumeric byte as \xNN, so the result contains nothing
 * that can end a quoted JavaScript string literal or the <script> element. */
function js_string_escape($data)
{
    $safe = "";
    for ($i = 0; $i < strlen($data); $i++)
    {
        if (ctype_alnum($data[$i]))
            $safe .= $data[$i];
        else
            $safe .= sprintf("\\x%02X", ord($data[$i]));
    }
    return $safe;
}

/* Unused helper: nothing below calls it. */
function javascriptify($str) {
    return js_string_escape($str);
}

echo "<html><body><script>\n";
/* Inner layer first: HTML-encode this file's source, then escape that text
 * for the JavaScript string literal that carries it. */
echo "var x = \"<pre>" . js_string_escape(htmlentities(file_get_contents(__FILE__), ENT_QUOTES)) . "</pre>\";\n";
echo "document.body.innerHTML = x;\n";
echo "</script></body></html>";
?>
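
The layering used by the script above, as an added example that is not part of the original gist: it encodes a constructed sample string in the same order (HTML entities first, then the JavaScript string literal), decodes it the way a browser would, and shows what reaches `innerHTML` when the two steps are swapped. `js_string_unescape()`, `check()` and `$source` are hypothetical names introduced for this illustration.

```php
<?php
// Added example, not part of the gist. js_string_escape() follows the gist;
// js_string_unescape(), check() and $source are constructed for illustration.
function js_string_escape($data)
{
    $safe = "";
    for ($i = 0; $i < strlen($data); $i++) {
        $c = $data[$i];
        $safe .= ctype_alnum($c) ? $c : sprintf("\\x%02X", ord($c));
    }
    return $safe;
}

// Stand-in for the browser's JavaScript string-literal parser (\xNN only).
function js_string_unescape($literal)
{
    return preg_replace_callback('/\\\\x([0-9A-F]{2})/', function ($m) {
        return chr(hexdec($m[1]));
    }, $literal);
}

function check($label, $ok)
{
    echo ($ok ? "PASS" : "FAIL") . ": $label\n";
}

// Constructed input containing characters special to each layer.
$source = "echo \"</script>\"; // it's <b>bold</b> & a \\ backslash\n";

// Correct order: encode for the innermost context (HTML) first, then for
// the JavaScript string literal that carries it.
$html_layer = htmlentities($source, ENT_QUOTES);
$js_layer   = js_string_escape($html_layer);

check("literal holds only alphanumerics and backslashes",
      preg_match('/^[A-Za-z0-9\\\\]*\z/', $js_layer) === 1);

// The browser decodes in the opposite order: JS literal, then HTML entities.
$assigned_to_innerHTML = js_string_unescape($js_layer);
check("innerHTML receives entity-encoded text, no raw '<'",
      strpos($assigned_to_innerHTML, "<") === false);
check("rendered text equals the original source",
      html_entity_decode($assigned_to_innerHTML, ENT_QUOTES) === $source);

// Swapped order: htmlentities() finds nothing to encode in the \xNN form,
// so after JS decoding the markup reaches innerHTML unescaped.
$swapped = htmlentities(js_string_escape($source), ENT_QUOTES);
check("swapped order delivers raw markup to innerHTML",
      js_string_unescape($swapped) === $source);
```

Run it with the PHP command-line interpreter; each line reports whether the stated property held for the sample input.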