Escape HTML Function for Browser Output Prevents XSS (Cross-Site Scripting)
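<?php
// Encode HTML special characters so untrusted text is rendered as text, not markup.
// ENT_QUOTES encodes both single and double quotes, which also covers quoted attribute values.
function escape_html($str){
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}
?>
<html>
<head>
    <title>Escape_HTML Example</title>
</head>
<body>
    <h1>Escape_HTML Example</h1>
    <!-- The browser receives &lt;script&gt;alert(123);&lt;/script&gt; and displays it as plain text -->
    <p><?php echo escape_html('<script>alert(123);</script>'); ?></p>
</body>
</html>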
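escape_html() is the right encoder for HTML text and quoted attribute values; other output contexts need their own encoding. The following is an added example, not part of the original gist: the helpers escape_js() and escape_url() and the sample inputs are hypothetical, and it assumes PHP 7.3 or later.

```php
<?php
// Added example: escape_js() and escape_url() are hypothetical helper names.

// HTML text and quoted attribute values (the gist's helper, plus ENT_SUBSTITUTE
// so invalid UTF-8 becomes U+FFFD instead of producing an empty string).
function escape_html(string $str): string {
    return htmlspecialchars($str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Value embedded in an inline <script>: JSON-encode and hex-escape the
// characters that could close the script element or a string literal.
function escape_js($value): string {
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// URL placed in href/src: allow only absolute http(s) URLs, then HTML-escape.
// Anything else (other schemes, relative or malformed URLs) becomes "#".
function escape_url(string $url): string {
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '#';
    }
    return escape_html($url);
}

// Constructed sample inputs standing in for untrusted data.
$name = 'Tom "<script>alert(123);</script>"';
$link = 'javascript:alert(123)';
?>
<!-- HTML text context -->
<p>Hello, <?php echo escape_html($name); ?></p>

<!-- Quoted attribute context: always quote the attribute value -->
<input type="text" name="name" value="<?php echo escape_html($name); ?>">

<!-- URL attribute context: scheme check first, then HTML escaping -->
<a href="<?php echo escape_url($link); ?>">profile</a>

<!-- JavaScript context: escape_html() would be the wrong encoder here -->
<script>
var userName = <?php echo escape_js($name); ?>;
</script>
```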