
Sending a post request with HTML comment via AJAX issue

I faced the following issue while submitting my form using jQuery Form and doing a POST submit.

When I type into input field an HTML comment:

< !-- #without space after < symbol

The request never gets submitted and it waits forever.

I believe that the reason is that the HTML comment ruins an XMLHttpRequest object and it never gets parsed by PHP. I can just parse out the HTML comments from input fields before submitting, but something tells me that it's not the best solution to solve this. Does anybody know the best solution to keep this issue from happening?

The HTML code of my form is the following:

<form method="post" action="/orders/place" class="form a-center" id="orderForm"> 
 <input type="text" x-webkit-speech="" value="Sign text" name="sign" id="sign">
 <textarea rows="7" name="comments" id="comments">Order comments</textarea>
 <p>
  <button id="orderSubmitBtn" class="button" type="submit"></button>
 </p>        
</form>

The JavaScript is a simple jQuery form submission:

var options = {
 dataType: 'json',
 success: function(data) { 
   if (data.ok) {
     //do some action here!
   }
 }
};
$('#orderForm').ajaxSubmit(options); 

The only case when it fails is the case when I input an HTML comment tag.

Also here is the link to the page containing the form http://sandsign.com (Just try entering < !-- text in the sign text and press the Lets Go button)

Instead of parsing just the comment, you could HTML-encode the textarea content before submitting it and then decode it on the server. These are the functions to HTML encode/decode something with jQuery:

function htmlEncode(value){
  return $('<div/>').text(value).html();
}

function htmlDecode(value){
  return $('<div/>').html(value).text();
}

via ( HTML-encoding lost when attribute read from input field )

And then decode it in PHP with htmlentities:

http://php.net/manual/es/function.htmlentities.php

Thanks to RoToRa - I narrowed down my research to the PHP script I'm posting to. And realized that it's a bug in the Zend Filter class :-(.

The following PHP code with Zend Framework for some reason freezes forever while receiving < !-- as a POST parameter:

$filterChain = new Zend_Filter();
$filterChain->addFilter(new Zend_Filter_StringTrim())
            ->addFilter(new Zend_Filter_StripTags());
$this->getHelper('viewRenderer')->setNoRender();
$signFiltered   = $filterChain->filter($_POST['sign']);

Thanks everybody for the advice!
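The failure mode in the answer above is a server-side filter that never returns when a comment opener has no closing `-->`. As an added example (not Zend Framework code and not from the original posts), here is a comment stripper whose loop always advances, so it terminates on that input; `strip_comments_bounded()`, `clean_sign()` and `MAX_SIGN_LENGTH` are hypothetical names and the length limit is an assumption.

```php
<?php
// Added illustration, not Zend Framework code. Function and constant
// names are hypothetical; the sample inputs below are constructed.

const MAX_SIGN_LENGTH = 200; // assumed limit for the "sign" field

/**
 * Remove HTML comments in one forward pass.
 * Each iteration either moves $pos past a closed comment or leaves the
 * loop, so it terminates for any input, including an unterminated "<!--".
 */
function strip_comments_bounded(string $input): string
{
    $out = '';
    $pos = 0;
    $len = strlen($input);

    while ($pos < $len) {
        $open = strpos($input, '<!--', $pos);
        if ($open === false) {
            $out .= substr($input, $pos);        // no further comments
            break;
        }
        $out .= substr($input, $pos, $open - $pos);

        $close = strpos($input, '-->', $open + 4);
        if ($close === false) {
            break;                               // unterminated: drop the rest
        }
        $pos = $close + 3;                       // strictly moves forward
    }
    return $out;
}

function clean_sign(string $raw): string
{
    // Cap the length first so the filtering cost is bounded.
    $raw = substr(trim($raw), 0, MAX_SIGN_LENGTH);
    // strip_tags() is PHP's built-in tag remover.
    return trim(strip_tags(strip_comments_bounded($raw)));
}

// Constructed sample inputs, including the unterminated opener from the question.
$samples = ['Hello <!-- note --> world', 'Beach <!-- never closed', '<!--', '<b>Bold</b> sign'];
foreach ($samples as $sample) {
    var_dump(clean_sign($sample));
}
```

Because the filtering runs on the server, it does not depend on the browser encoding or removing anything before the POST is sent.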
