expectOutputString('<img onload="alert(1)" />'); p(''); } public function testPJavaScriptWithScriptTags(): void { $this->expectOutputString('<script>alert('Hacked!');</script>'); p(""); } public function testPNormalString(): void { $string = 'This is a good string without HTML.'; $this->expectOutputString($string); p($string); } public function testPrintUnescaped(): void { $htmlString = ""; $this->expectOutputString($htmlString); print_unescaped($htmlString); } public function testPrintUnescapedNormalString(): void { $string = 'This is a good string!'; $this->expectOutputString($string); print_unescaped($string); } public function testEmitScriptTagWithContent(): void { $this->expectOutputRegex('/