Reputation: 183
I have a problem submitting a form from my app.
I need to send some JavaScript code from a form to a controller page. The HTML code is like:
<form method="post" action="controller/mycontroller.php">
<textarea name="code"></textarea>
<input type="submit" value="send" />
</form>
If I send "Hello world" in the textarea, for example, the controller works fine, but if I try to send some JavaScript code like alert(1); I get a forbidden message from the server.
Is there any solution for sending JavaScript code to the server as a string, like filters or allowing something in the .htaccess file?
Thanks!
RE-Edit: Test example: http://pruebas.intelectiva.biz/test/
Upvotes: 0
Views: 760
Reputation: 380
You must first convert the text of the textarea with JavaScript, replacing characters like brackets with random letters that you will never use.
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script>
// Assumes the form has id="form", the textarea id="code" and the button id="send".
$(document).ready(function() {
    $("#send").click(function(event) {
        event.preventDefault();
        var code = $("#code").val();
        // Swap (, { and < for placeholder strings before submitting.
        code = code.replace(/\(/g, "^)·(");
        code = code.replace(/\{/g, "=?¿¡12");
        code = code.replace(/\</g, "++ççcsacsa");
        $("#code").val(code);
        alert(code);
        $("#form").submit();
    });
});
</script>
And then, on the server side, convert the text back to your desired text:
<?php
$code = $_POST['code'];
$code = str_replace('^)·(', '(', $code);
$code = str_replace('=?¿¡12', '{', $code);
$code = str_replace('++ççcsacsa', '<', $code);
echo '<script>'. $code . '</script>';
?>
Upvotes: 2
Reputation: 1
If you get a forbidden error then it is definitely a permissions fault. It happened to me earlier. Just right-click on your web directory and make sure the permission for the file "controller/mycontroller.php" for "other uses" is set to "read" if you're on Ubuntu.
Can you please tell us which OS you're using?
(By the way, when you say action="controller/mycontroller.php" it means that the folder controller is in the same folder as the HTML form.)
Also, to execute the JavaScript your PHP file should look like this:
<?php
echo "<script>" . $_POST['code'] . "</script>";
?>
EDIT: Hey friend! I tried your example on my server and it worked. Here's my app:
http://106.51.68.115/test/x.html
Instead of submitting the form to another PHP file, try submitting it to the same file:
<form method="post" action="controller/mycontroller.php">
<textarea name="code"></textarea>
<input type="submit" value="send" />
</form>
<?php
if(isset($_POST['code'])){
print "<script>".$_POST['code']."</script>";
}
?>
EDIT XYZ: Try this code. It doesn't involve PHP and I think it should work:
<html>
<body>
<form name = "x">
<textarea id="code"></textarea></form><button onclick="document.write('<script>'+document.x.code.value+'</script>');">send</button>
</body>
</html>
Upvotes: 0
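Added example (not part of any answer in this thread): the handlers above write $_POST['code'] directly into a <script> element, so whatever a request posts to that URL runs in the visitor's browser. If the goal is to receive the code as a string, as the question asks, the PHP below renders it back as inert data instead; the function names and the sample input are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Escape for an HTML text context (inside <pre> or <textarea>, or an attribute value).
function html_text(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Serialize as a JavaScript string literal that is safe inside <script>:
// the JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes, so the value
// can never contain "</script>" or "<!--" and cannot end the script block.
function js_string(string $s): string
{
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR
    );
}

// Render the submission for review: once as visible text, once as a JS string
// variable. In neither place is the submitted text parsed as markup or code.
function render_submission(string $code): string
{
    return "<pre>" . html_text($code) . "</pre>\n"
         . "<script>var submitted = " . js_string($code) . ";</script>\n";
}

// Constructed sample input; in the controller this is $_POST['code'].
$code = $_POST['code'] ?? "alert(1);</script><script>alert('second block')";

$page = render_submission($code);

// Self-check: the only closing script tag is the one from the template.
if (substr_count(strtolower($page), '</script') !== 1) {
    throw new RuntimeException('submitted text escaped its script block');
}

echo $page;
```

Run it with the PHP CLI to see the constructed input come back as text; JSON_THROW_ON_ERROR needs PHP 7.3 or later.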
Reputation: 49817
It doesn't depend on what you are posting, but I think it depends on WHERE you are posting. Are you sure this action="controller/mycontroller.php" is correct?
Try action="http://www.mysite.com/controller/mycontroller.php" instead.
Also post your .htaccess if you have one.
And yeah, set the right permissions on your project folder and files. If from a shell:
sudo chmod 755 <filename>
Upvotes: 0