Issue sending a request containing HTML comments via AJAX

I had the following problem when I submitted my form using jQuery FORM and did a POST submit.

When I enter an HTML comment opener in the input box:

 <!--   (no space after the < symbol)

The request is never sent, and it waits forever.

I believe the reason is that the HTML comment destroys the XMLHttpRequest object and is never processed by PHP. I can just parse the html comments from the input fields before submitting, but something tells me that this is not the best solution to solve this problem. Does anyone know a better solution to avoid this problem?

The HTML code for my form is as follows:

 <form method="post" action="/orders/place" class="form a-center" id="orderForm">
   <input type="text" x-webkit-speech="" value="Sign text" name="sign" id="sign">
   <textarea rows="7" name="comments" id="comments">Order comments</textarea>
   <p>
     <button id="orderSubmitBtn" class="button" type="submit"></button>
   </p>
 </form>

The JavaScript is a straightforward jQuery Form call:

 var options = {
   dataType: 'json',
   success: function(data) {
     if (data.ok) {
       // do some action here!
     }
   }
 };
 $('#orderForm').ajaxSubmit(options);

The only time it fails is when I enter the HTML comment tag.

There is also a link to a page containing the form: http://sandsign.com (just try entering <!-- as text in the character field and click the Lets Go button).

+4
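The hang the question describes is in a server-side filter, but the defensive property it lacks is easy to state: a tag stripper must make progress on every loop iteration, including on input whose `<!--` is never closed. As an added example (my code, not the question's and not Zend Framework's; `stripTags` and `unterminatedCommentAt` are hypothetical names), here is a plain-JavaScript stripper that follows the HTML rule that `<` starts a tag only when followed by a letter, `/`, `!` or `?`, treats an unclosed comment or tag as running to end of input, plus a checker that lets a server reject such input up front instead of filtering it:

```javascript
// Added example: a tag/comment stripper whose loop always advances the
// cursor, so malformed input such as an unterminated "<!--" cannot hang it.

// HTML treats "<" as a tag opener only when the next character is a letter,
// "/", "!" or "?"; otherwise it is literal text (e.g. "a < b").
function isTagStart(input, i) {
  return input[i] === "<" && /[A-Za-z\/!?]/.test(input[i + 1] || "");
}

function stripTags(input) {
  const n = input.length;
  let out = "";
  let i = 0;
  while (i < n) {
    if (input.startsWith("<!--", i)) {
      // Comment: skip to "-->". If it never closes, the comment runs to the
      // end of input (browsers do the same); either way i moves forward.
      const end = input.indexOf("-->", i + 4);
      i = end === -1 ? n : end + 3;
    } else if (isTagStart(input, i)) {
      // Tag: skip to ">". An unterminated tag swallows the rest of the input.
      const end = input.indexOf(">", i + 1);
      i = end === -1 ? n : end + 1;
    } else {
      out += input[i];
      i += 1;
    }
  }
  return out;
}

// Validation alternative: report the offset of the first comment that is
// never closed, or -1 if every "<!--" has a matching "-->". A server can
// reject such input with a 400 instead of trying to sanitise it.
function unterminatedCommentAt(input) {
  let i = 0;
  for (;;) {
    const start = input.indexOf("<!--", i);
    if (start === -1) return -1;
    const end = input.indexOf("-->", start + 4);
    if (end === -1) return start;
    i = end + 3;
  }
}

// Constructed sample inputs, including the one from the question.
function demo() {
  return [
    "hello <!-- x",            // unterminated comment, the failing case
    "<b>hi</b> there",         // ordinary tags
    "a < b",                   // literal "<" that is not a tag
    "text <b",                 // unterminated tag
  ].map((s) => ({ input: s, stripped: stripTags(s), badCommentAt: unterminatedCommentAt(s) }));
}
```

`stripTags` is a sanitiser for display, not a substitute for output encoding; `unterminatedCommentAt` is the cheaper option when the policy is simply to reject input that a downstream filter is known to choke on.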
2 answers

Thanks RoToRa - I narrowed my investigation down to the PHP script I am posting to, and I realized that this is a bug in the Zend Filter class :-(.

The following PHP code with the Zend Framework for some reason freezes forever upon receiving <!-- as a POST parameter:

 $filterChain = new Zend_Filter();
 $filterChain->addFilter(new Zend_Filter_StringTrim())
             ->addFilter(new Zend_Filter_StripTags());
 $this->getHelper('viewRenderer')->setNoRender();
 $signFiltered = $filterChain->filter($_POST['sign']);

Thanks everyone for the advice!

+1

Instead of parsing out just the comment, you can HTML-encode the contents of the textarea before sending it and then decode it on the server. These are jQuery functions to encode/decode HTML:

 function htmlEncode(value) {
   return $('<div/>').text(value).html();
 }
 function htmlDecode(value) {
   return $('<div/>').html(value).text();
 }

via (HTML encoding lost when attribute read from input field)

And then decode it in PHP using htmlentities:

http://php.net/manual/es/function.htmlentities.php

+1
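The jQuery helpers above need a DOM. As an added example (my code, not the answer's), here are equivalent encode and decode functions in plain JavaScript that also run in Node; `htmlEncode`, `htmlDecode` and `roundTrip` are my names. The decode is a single regex pass, so a doubly-encoded `&amp;lt;` comes back as the text `&lt;` rather than being decoded twice to `<`, and the comment marker from the question survives the round trip intact:

```javascript
// Added example: HTML entity encode/decode without jQuery or a DOM.

const ENCODE_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function htmlEncode(value) {
  // "&" is in the map, so already-encoded text such as "&lt;" becomes
  // "&amp;lt;" and decodes back to the literal text "&lt;", not to "<".
  return String(value).replace(/[&<>"']/g, (ch) => ENCODE_MAP[ch]);
}

const DECODE_MAP = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'" };

function htmlDecode(value) {
  // One pass over the string with a callback: the output of one replacement
  // is never re-scanned, which is what prevents double decoding.
  return String(value).replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] === "#") {
      const hex = body[1].toLowerCase() === "x";
      const code = hex ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
      // Leave anything outside the Unicode range as the original text.
      return Number.isFinite(code) && code <= 0x10ffff ? String.fromCodePoint(code) : match;
    }
    const named = DECODE_MAP[body.toLowerCase()];
    return named === undefined ? match : named; // unknown entity stays as-is
  });
}

// True when decode(encode(value)) gives back exactly the original value.
function roundTrip(value) {
  return htmlDecode(htmlEncode(value)) === value;
}

// Constructed sample: the input from the question plus every mapped character.
const SAMPLE = "<!-- a & b \"c\" 'd' -->";
```

Whatever decodes on the server must be the exact inverse of `htmlEncode` and must run once; decoding twice turns a user-supplied `&amp;lt;script&amp;gt;` into live markup at the second pass.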

Source: https://habr.com/ru/post/1403028/

