I am trying to test some of the code from http://ha.ckers.org/xss.html on my code. To do so I need to set the code on that page into a PHP variable, but I am having trouble.
For example, the code below is incorrect just for setting it to a variable because of the "code" and 'code'; the ' and " are what I am talking about. How can I set code from that page or below into a PHP variable for testing?
$string = '<IMG SRC=\"javascript:alert('XSS');\"><b>hello</b> hiii';
Another way, maybe a bit easier (you don't have to escape the quotes, nor double-quotes) would be to use heredoc syntax:
Note you'll still have to escape the $ sign, if you have some, to not have variable interpolation.
Quoting the manual:
Note: read the manual about that: there are some things you must know before using heredoc syntax (like the fact that the closing identifier must be alone on its line).
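The string from the question written with nowdoc and heredoc, then run through an output-encoding check, as an added example that is not part of the original answer. `render_comment()` and `is_neutralised()` are hypothetical names standing in for the code under test, and the heredoc sample line is constructed.

```php
<?php
// Added example: not code from the original question or answer.

// Nowdoc (quoted identifier, PHP 5.3+): nothing is interpolated, so neither
// quotes nor $ need escaping. The string from the question fits verbatim.
$vector = <<<'XSS'
<IMG SRC="javascript:alert('XSS');"><b>hello</b> hiii
XSS;

// Heredoc (unquoted identifier): quotes are literal, but variables are
// interpolated, so a literal $ has to be written as \$.
$name = 'world';
$interpolated = <<<HTML
<b>hello $name</b> cost: \$price <IMG SRC="javascript:alert('XSS');">
HTML;

// Hypothetical output filter under test; replace with your own function.
function render_comment(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True when no markup-significant character survives the encoding step.
function is_neutralised(string $output): bool
{
    return strpbrk($output, "<>\"'") === false;
}

// Run each constructed input through the filter and report the result.
foreach (['nowdoc' => $vector, 'heredoc' => $interpolated] as $label => $input) {
    $out = render_comment($input);
    printf("%-8s %s\n         %s\n", $label, is_neutralised($out) ? 'PASS' : 'FAIL', $out);
}
```

Before PHP 7.3 the closing identifier (`XSS;` and `HTML;` here) must start in the first column; from 7.3 on it may be indented.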