通过AJAX问题发送带有HTML注释的帖子请求
[英]Sending a post request with HTML comment via AJAX issue
问题描述
I faced the following issue while I submitting my form using jQuery FORM and doing POST submit. 
我使用jQuery FORM提交表单并进行POST提交时遇到以下问题。
When I type into input field an HTML comment: 当我在输入字段中输入HTML注释时:
< !-- #without space after < symbol
The request never goes submitted and it waits forever. 该请求永远不会被提交,它将永远等待。
I believe that the reason is that the HTML comment ruins an XMLHttpRequest object and it never get parsed with PHP. 我相信原因是HTML注释破坏了XMLHttpRequest对象,并且永远不会用PHP对其进行解析。 I can just parse out the html comments from input fields before submitting, but something tells me, that its not the best solution to solve this. 我可以在提交之前解析输入字段中的html注释,但是有些信息告诉我,这不是解决此问题的最佳解决方案。 Does anybody know the best solution to avoid this issue to happen? 有谁知道避免此问题发生的最佳解决方案?
The HTML code of my form is the following: 我的表单的HTML代码如下:
<form method="post" action="/orders/place" class="form a-center" id="orderForm">
<input type="text" x-webkit-speech="" value="Sign text" name="sign" id="sign">
<textarea rows="7" name="comments" id="comments">Order comments</textarea>
<p>
<button id="orderSubmitBtn" class="button" type="submit">
</p>
</form>
The Javascript is a simple jQuery form submission: Javascript是一个简单的jQuery表单提交:
var options = {
dataType: 'json',
success: function(data) {
if (data.ok) {
//do some action here!
}
}
};
$('#orderForm').ajaxSubmit(options);
The only case when it fails is the case when I input an html comment tag. 唯一失败的情况是我输入html注释标签的情况。
Also here is the link to the page containing the form http://sandsign.com (Just try entering < !-- text in a sign text a press Lets Go button) 这也是指向包含http://sandsign.com格式的页面的链接(只需尝试在符号文本中输入<!-文字,然后按放手按钮即可)
2 个解决方案
解决方案1
1 2012-03-23 13:09:03
Instead of parsing just the comment, you could html encoding the textarea content before submiting it and then decode it in the server. 不仅可以解析注释,还可以在提交文本区域之前对其进行html编码,然后在服务器中对其进行解码。 These are the functions to html encode/decode something with JQuery: 这些是使用JQuery进行html编码/解码的功能:
function htmlEncode(value){
return $('<div/>').text(value).html();
}
function htmlDecode(value){
return $('<div/>').html(value).text();
}
via ( HTML-encoding lost when attribute read from input field ) 通过( 当从输入字段读取属性时,HTML编码丢失 )
And then decode it in PHP with htmlentities: 然后使用htmlentities在PHP中对其进行解码:
http://php.net/manual/es/function.htmlentities.php http://php.net/manual/es/function.htmlentities.php
解决方案2
1 已采纳 2012-03-23 16:35:11
Thanks to RoToRa - I narrowed down my research to PHP script I'm posting to. 感谢RoToRa-我将研究范围缩小到要发布的PHP脚本。 And realized that it's a bug in Zend Filter class :-(. 并意识到这是Zend Filter类中的一个错误:-(。
The following PHP code with Zend Framework for some reason freezes forever while receiving < !-- as a POST parameter : 以下基于Zend Framework的PHP代码由于接收<!-作为POST参数而永久冻结:
$filterChain = new Zend_Filter();
$filterChain->addFilter(new Zend_Filter_StringTrim())
->addFilter(new Zend_Filter_StripTags());
$this->getHelper('viewRenderer')->setNoRender();
$signFiltered = $filterChain->filter($_POST['sign']);
Thanks everybody for advices! 谢谢大家的建议!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.