在javascript中发送有关控制台错误的电子邮件

Question

Research I have done for this question and links:

How do you send console messages and errors to alert?

jQuery AJAX form using mail() PHP script sends email, but POST data from HTML form is undefined

The code example:

function handleError(evt) {
  if (evt.message) { // Chrome sometimes provides this
 $.ajax({
            type: "POST",
            url: "email.php",
            data: evt.message,
            success: function(){
            $('.success').fadeIn(1000);
            }
        });
  } else {
    $.ajax({
            type: "POST",
            url: "email.php",
            data: evt.type,
            success: function(){
            $('.success').fadeIn(1000);
            }
        });
  }
}

Question) What type of validation is required in "email.php" to be sure that the emails aren't malicious (to the extent that this is possible) IE: is there a vulnerability that you are exposing yourself to with this function. If there is a built in mechanism for changing the location of error logs in javascript, that too would answer this question.

Answer 1

I assume you're sending it to a known email address so checking the email isn't required?

filter_var($email, FILTER_VALIDATE_EMAIL)

Then clean the data to be sent from anything that makes your email stop from functioning properly.

function clean_string($string) {
    $bad = array("content-type","bcc:","to:","cc:","href");
    return str_replace($bad,"",$string);
}
$data = clean_string($data);

After that strip the html tags to prevent html from being sent(prevents javascript from being sent as example).

$data = strip_tags($data);

The data should be safe to send in a email now keep in mind the data is not safe yet to be sent to a sql database, if you do sent it to a databse use prepared statements so the data can't do any sql injections.