htmLawed test: HTML view of unprocessed input

HTMLAWED TEST

htm / txt documentation
Input » (max. chars)

'; } ?> Validator tools: '; } } ?> Encoding:

Input text is too long!
'; } ?>
Settings »

Config:

href

rel

href

mailto:

CDATA

Word

bad

radio

safe

finalized

style

xml:lang

', $k, ': '; if(!empty($v[0])){ // input radio $j = $v[3]; for($i = $j-1; ++$i < $v[0]+$v[3];++$j){ echo '', $i, ' '; } if($v[1] == 'nil'){ echo 'not set '; } if(!empty($v[4])){ // + input text box echo ''; if(!is_array($v[4])){ echo $v[6], ': '; } else{ foreach($v[4] as $z){ echo ' ', $z[3], ': '; } } } } elseif(ctype_digit($v[3])){ // input text echo ''; } else{} // text-area echo ' ', $v[2], '

Spec:

'; ?>

$v){ if($k[0] == 'h' && $v != 'nil'){ $cfg[substr($k, 1)] = $v; } } if(isset($cfg['anti_link_spam']) && $cfg['anti_link_spam'] && (!empty($cfg['anti_link_spam11']) or !empty($cfg['anti_link_spam12']))){ $cfg['anti_link_spam'] = array($cfg['anti_link_spam11'], $cfg['anti_link_spam12']); } unset($cfg['anti_link_spam11'], $cfg['anti_link_spam12']); if(isset($cfg['anti_mail_spam']) && $cfg['anti_mail_spam'] == 1){ $cfg['anti_mail_spam'] = isset($cfg['anti_mail_spam1'][0]) ? $cfg['anti_mail_spam1'] : 0; } unset($cfg['anti_mail_spam11']); if(isset($cfg['deny_attribute']) && $cfg['deny_attribute'] == 1){ $cfg['deny_attribute'] = isset($cfg['deny_attribute1'][0]) ? $cfg['deny_attribute1'] : 0; } unset($cfg['deny_attribute1']); if(isset($cfg['tidy']) && $cfg['tidy'] == 2){ $cfg['tidy'] = isset($cfg['tidy2'][0]) ? $cfg['tidy2'] : 0; } unset($cfg['tidy2']); if(isset($cfg['unique_ids']) && $cfg['unique_ids'] == 2){ $cfg['unique_ids'] = isset($cfg['unique_ids2'][0]) ? $cfg['unique_ids2'] : 1; } unset($cfg['unique_ids2']); unset($cfg['and_mark']); // disabling and_mark $cfg['show_setting'] = 'hlcfg'; $st = microtime(); $out = htmLawed($_POST['text'], $cfg, $_POST['spec']); $et = microtime(); echo '
Input code » ', strlen($_POST['text']), ' chars, ~', ($tag = round((substr_count($_POST['text'], '>') + substr_count($_POST['text'], '<'))/2)), ' tag', ($tag > 1 ? 's' : ''), ' ', (!isset($_POST['text'][$_hlimit]) ? ' Input binary » ' : ''), ' Finalized internal settings » ', '
Output » htmLawed processing time ', number_format(((substr($et,0,9)) + (substr($et,-10)) - (substr($st,0,9)) - (substr($st,-10))),4), ' s', (($mem = memory_get_peak_usage()) !== false ? ', peak memory usage '. round(($mem-$pre_mem)/1048576, 2). ' MB' : ''), '

'; if($_w3c_validate && $validation) { ?>
Output code »

', format($out), '

', (!isset($_POST['text'][$_hlimit]) ? ' Output binary »' : ''), ' Diff »
Output rendered »

', $out, '

'; } else{ ?>

Use with a Javascript- and cookie-enabled, relatively new version of a common browser. Submitted input will also be HTML-rendered (XHTML 1) after htmLawed-filtering.
You can use text from this collection of test-cases in the input. Set the character encoding of the browser to Unicode/utf-8 before copying.' : ''); ?>

For anti-XSS tests, try the special test-page or see these results.

Change Encoding to reflect the character encoding of the input text. Even then, it may not work or some characters may not display properly because of variable browser support and because of the form interface. Developers can write some PHP code to capture the filtered input to a file if this is important.

Refer to the htmLawed documentation (htm/txt) for details about Settings, and htmLawed's behavior and limitations. For Settings, incorrectly-specified values like regular expressions are silently ignored. One or more settings form-fields may have been disabled. Some characters are not allowed in the Spec field.

Hovering the mouse over some of the text can provide additional information in some browsers.

Because of character-encoding issues, the W3C validator (anyway not perfect) may reject validation requests or invalidate otherwise-valid code, esp. if text was copy-pasted in the input box. Local applications like the HTML Validator Firefox browser add-on may be useful in such cases.