@joshhartman
Created April 20, 2013 05:07
Escape HTML Function for Browser Output Prevents XSS (Cross-Site Scripting)
<?php
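// Encode &, <, >, " and ' as HTML entities so the value is rendered as text
// in element content and quoted attribute values instead of parsed as markup.
function escape_html($str){
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}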
?>
<html>
<head>
<title>Escape_HTML Example</title>
</head>
<body>
<h1>Escape_HTML Example</h1>
<p><?php echo escape_html('<script>alert(123);</script>'); ?></p>
</body>
</html>
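Added example, not part of the original gist: `htmlspecialchars()` with `ENT_QUOTES` covers HTML text and quoted attribute values, while inline script data and URL attributes need their own handling. The helper names `escape_js` and `safe_url` are hypothetical, the sample values are constructed, and `JSON_THROW_ON_ERROR` assumes PHP 7.3 or later.

```php
<?php
// Added example (not from the original gist). escape_js() and safe_url()
// are hypothetical helper names; all sample values are constructed.

// HTML text and quoted attribute values: the gist's function.
function escape_html($str) {
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}

// Inline <script> data: HTML entities are not decoded inside <script>, so
// emit JSON with the hex flags, which keep <, >, &, ' and " out of the output.
function escape_js($value) {
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// href/src values: escaping does not change the URL scheme, so allow-list it
// first, then HTML-escape the result for the attribute. Relative URLs have no
// scheme and are rejected by this strict version.
function safe_url($url) {
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '#';
    }
    return escape_html($url);
}

$name = 'Tom & "Jerry" <b>';      // constructed sample input
$link = 'javascript:alert(123)';  // constructed sample input
?>
<p><?php echo escape_html($name); ?></p>
<input type="text" value="<?php echo escape_html($name); ?>">
<a href="<?php echo safe_url($link); ?>">profile</a>
<script>var userName = <?php echo escape_js($name); ?>;</script>
```

Attribute values must stay quoted in the template: `escape_html()` does not encode spaces, so an unquoted attribute can still be split into extra attributes.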