CODEWITHSUNDEEP
phphtmliframe
newman
newman

Reputation: 424

An issue with iframe

I have a function which compares emails contents from a few tables. If the contents differ, I want to display it for comparison. I am trying to do that using iframes and srcdoc attribute. This is a fragment of my email which has got inline styles and nested quotes. 

<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
        <title>Title</title>
    </head>
    <style type="text/css">a:visited {color: #fff;}</style>
    <body style="background: #fff; margin-top:25px; margin-bottom:30px; padding-top:0; padding-bottom:0;">&nbsp;
        <table align="center">

I tried to replace all quotes with that function. 

str_replace([ '"', '&' ], [ '&quot;', '&amp;amp;' ],$row1['email_content'])

but it does not work. I have also tried 

htmlentities($row1['email_content'])

and 

addslashes($row1['email_content'])

but it also did not work. How can i display email content in an iframe properly?

Upvotes: 0

Views: 576

Answers (1)

Professor Abronsius
Professor Abronsius

Reputation: 33823

I was curious about this so knocked up a couple of quick test pages to test for myself what you were saying ~ seems obvious but whatever character is used with srcdoc ( ie: srcdoc=' or srcdoc=" ) must be escaped/replaced when generating the content.

<!-- mickeymouse.html ~ used as source for `srcdoc` -->

<html>
    <head>
        <title>Mickey Mouse loved Minnie</title>    
    </head>
    <body>
        <h1>Mickey Mouse</h1>
        <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aliquam non finibus nisl. Etiam ut velit ut est placerat dictum. </p>

        <!-- content populated by inline javascript within iframe srcdoc html -->
        <div id="donaldduck">nothing to see here</div>

        <script>document.getElementById("donaldduck").innerHTML="poor wiley coyote, when will he catch that damn bird?";</script>


        <!-- The line below caused the iframe to not correctly render before doing str_replace to edit the single quotes -->
        <p>If this text has a single quote - like ' it will cause whatever follows to not render and breaks the `srcdoc` content</p>

    </body>
</html>



<!-- iframe page - will display mickeymouse.html -->
<html>
    <head>
        <title>iframe - srcdoc</title>  
    </head>
    <body>
        <?php
            $file='mickeymouse.html';
            $html=file_get_contents( $file );
            /*

                '   ->  &#39;
                "   ->  &#34;

            */

        ?>
        <iframe srcdoc="<?php echo str_replace( '"', '&#34', $html ); ?>" width=800 height=600 sandbox='allow-forms allow-scripts allow-same-origin'></iframe>
    </body>
</html>

Upvotes: 1

Related Questions