README.md
<?php
require_once 'vendor/autoload.php';
use Sabberworm\CSS\Parser;
use Sabberworm\CSS\CSSList\Document;
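// Test page for getSelectorsBySpecificity(). The method takes a comparison
// string such as "> 100", and the affected library code runs that string
// through eval(), so a raw request value concatenated into it is executed as
// PHP. The request value is therefore reduced to a plain integer before it
// reaches the library.
// NOTE(review): validating here is a stop-gap for this script only. The durable
// fix is a parser release that no longer evaluates this argument; confirm the
// installed version against the project's advisory.
if (isset($_GET['n'])) {
    $threshold = $_GET['n'];

    // ?n[]=x arrives as an array, so the type is checked before the pattern.
    // Only a short run of ASCII digits is accepted: no operators, quotes,
    // whitespace or signs can reach the evaluated expression.
    if (!is_string($threshold) || preg_match('/\A[0-9]{1,9}\z/', $threshold) !== 1) {
        http_response_code(400);
        echo "Invalid n parameter - expected a non-negative integer";
    } else {
        // Fixed stylesheet: the only request-derived value is the threshold.
        $css = '#test .help { color: red; }';
        $parser = new Parser($css);
        $doc = $parser->parse();

        // The comparison operator is chosen by the script, never by the client.
        $selectors = $doc->getSelectorsBySpecificity('> ' . (int) $threshold);

        echo "<pre>";
        print_r($selectors);
        echo "</pre>";
    }
} else {
    echo "Sabberworm PHP CSS Parser Test - pass ?n= parameter";
}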