Reputation: 425
Is it possible to send html code via a url and display the parameter containing the html code as HTML where the parameter is received?
I.E. <a href='./displayHtml.php?description=<strong>Title</strong><table>...</table>'>Send Html</a>
Upvotes: 2
Views: 1833
Reputation: 60038
Well - you could do this - but it will be very very dangerous
displayHtml.php
<?php
echo $_SERVER["QUERY_STRING"];
As @Quentin pointed out - there are all sorts of XSS/security issues.
edit: this might be slightly more secure:
<?php
echo htmlentities($_SERVER["QUERY_STRING"]);
Upvotes: 1
Reputation: 943142
There is nothing (by default — XSS filters might not like it) stopping you including characters that have special meaning inside a URL. However:
$_GET
Such:
<?php
$description = htmlspecialchars(
    urlencode(
        "<strong>Title</strong>etc etc"
    )
);
?>
<a href="./displayHtml.php?description=<?=$description?>">
Make sure you implement suitable defences against XSS attacks before injecting user input (e.g. anything you read from $_GET) into HTML documents though.
Upvotes: 3
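One way to implement the XSS defence on the receiving side (displayHtml.php), as an added example that is not part of the original answers: the parameter is parsed and re-serialised so that only allowlisted tags survive, with no attributes, and all text is escaped. The names `ALLOWED_TAGS`, `renderNode` and `sanitizeDescription` are hypothetical, and the code assumes PHP 7+ with the bundled DOM extension.

```php
<?php
// Added example (hypothetical names); assumes PHP 7+ with the bundled DOM extension.
const ALLOWED_TAGS = ['strong', 'em', 'table', 'tr', 'th', 'td'];

// Re-serialise a parsed node: text is escaped, allowlisted tags are
// emitted without any attributes, everything else is unwrapped or dropped.
function renderNode(DOMNode $node): string
{
    if ($node instanceof DOMText) {
        return htmlspecialchars($node->nodeValue, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    if (!($node instanceof DOMElement)) {
        return ''; // comments and processing instructions are dropped
    }
    $tag = strtolower($node->nodeName);
    if ($tag === 'script' || $tag === 'style') {
        return ''; // drop the element together with its content
    }
    $inner = '';
    foreach ($node->childNodes as $child) {
        $inner .= renderNode($child);
    }
    // Disallowed elements keep their text but lose the tag itself.
    return in_array($tag, ALLOWED_TAGS, true) ? "<$tag>$inner</$tag>" : $inner;
}

function sanitizeDescription(string $html): string
{
    $previous = libxml_use_internal_errors(true); // tolerate malformed markup quietly
    $doc = new DOMDocument();
    // The XML declaration prefix makes libxml treat the input as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $body = $doc->getElementsByTagName('body')->item(0);
    return $body === null ? '' : renderNode($body);
}

// On the command line a constructed sample stands in for the query string.
$raw = PHP_SAPI === 'cli'
    ? '<strong onclick="x()">Title</strong><script>alert(1)</script>'
      . '<table><tr><td>a &amp; b</td></tr></table>'
    : ($_GET['description'] ?? '');
// A repeated parameter (description[]=...) arrives as an array; treat it as empty.
echo sanitizeDescription(is_string($raw) ? $raw : ''), "\n";
```

Because attributes are dropped entirely, anything that needs them (links, styling) would require its own per-attribute validation on top of this allowlist.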