Why $_POST is removing HTML tags from string?

I'm on PHP 5.6 using the Fat Free Framework (if it matters) and having a weird issue. I am sending form data to the server like so:

function submitForm(form) 
{
    var fd = new FormData();
    var file_data = isImageIncluded ? $('input[type="file"]')[0].files : [];
    for (var i = 0; i < file_data.length; i++) {
        fd.append("file_" + i, file_data[i]);
    }
    var other_data = $(form).serializeArray();
    $.each(other_data, function(key, input) {
        fd.append(input.name, input.value);
    });

    sendData(url, fd, form);
}

function sendData(url, data, form) 
{
    $.ajax({
        type: 'POST',
        url: url,
        data: data,
        contentType: false,
        processData: false,
        success: function(data) {
            console.log(data);
        }
    });
}

So as I debug the code above, I see the data being sent from the WYSIWYG with HTML tags like <b></b>.

The problem is on the PHP side. Here's the method:

public function editRelease()
{
    var_dump($_POST['description']);exit;
}

And I cannot get the description to show the HTML tags in the string. Does anyone have an idea on what's happening?

EDIT

Here's a screenshot of my headers from Chrome. I marked the object I'm referring to. As it shows, the HTML tags are going to the server, so I'm not sure why it's not showing in the $_POST array.


EDIT 2

And here is a screenshot of the response I get corresponding to the screenshot of the headers above:

Has anyone ever seen this?

For those wondering, I found out that in my variation of the Fat Free Framework, called F3 Boilerplate, there was a section of code stripping the tags out. Inside of its app.php, I found

// clean ALL incoming user input by default
$request = array();
foreach (array('GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'COOKIE') as $var) {
    $input = $f3->get($var);
    if (is_array($input) && count($input)) {
        $cleaned = array();
        foreach ($input as $k => $v) {
            $k = strtolower(trim($f3->clean($k)));
            $v = $f3->clean($v);
            if (empty($v)) {
                continue;
            }
            $cleaned[$k] = $v;
            $request[$k] = $v;
        }
        ksort($cleaned);
        $f3->set($var, $cleaned);
    }
}

which removes tags from all incoming input using $f3->clean(), so I had to modify it to whitelist tags as explained in the documentation (http://fatfreeframework.com/base#clean).
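One way to apply the tag allow-list per field instead of to every input, as an added example that is not code from F3 Boilerplate or from the answer above. `clean_value()` is a hypothetical stand-in built on `strip_tags()` (inside app.php the call would be `$f3->clean($v, $tags)`, with the tag list as the second argument described in the linked documentation), and the `description` tag list and sample POST body are assumptions.

```php
<?php
// Added example. clean_value() is a hypothetical stand-in built on strip_tags();
// inside app.php the equivalent call would be $f3->clean($v, $tags).

// Assumed field names: only these inputs may keep markup, and only these tags.
$allowedTags = array(
    'description' => 'b,i,em,strong,p,br,ul,ol,li',
);

function clean_value($value, $tags = '')
{
    if (is_array($value)) {
        // Recurse into nested inputs such as tags[]
        foreach ($value as $k => $v) {
            $value[$k] = clean_value($v, $tags);
        }
        return $value;
    }
    // 'b,i' becomes '<b><i>', the allow-list format strip_tags() expects
    $allowed = $tags === '' ? '' : '<' . str_replace(',', '><', $tags) . '>';
    $value = trim(strip_tags((string) $value, $allowed));
    // Remove non-printable control characters
    return preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $value);
}

function clean_request(array $input, array $allowedTags)
{
    $cleaned = array();
    foreach ($input as $k => $v) {
        // Keys never carry markup; values keep tags only if the field is listed
        $k = strtolower(trim(clean_value($k)));
        $tags = isset($allowedTags[$k]) ? $allowedTags[$k] : '';
        $cleaned[$k] = clean_value($v, $tags);
    }
    ksort($cleaned);
    return $cleaned;
}

// Constructed sample POST body
$post = array(
    'title'       => '<b>Release</b> 1.2<script>x()</script>',
    'description' => '<p>Fixes <b style="color:red">two</b> bugs</p><script>x()</script>',
);

var_dump(clean_request($post, $allowedTags));
```

`strip_tags()` filters on tag names only, so attributes on allowed tags (the `style` in the sample) pass through and still need handling before the stored HTML is rendered.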
