标签< script>从字段< textarea>中删除提交表格后 [英] Tags <script> cut out of the field <textarea> after the form is submitted

查看:82
本文介绍了标签< script>从字段< textarea>中删除提交表格后的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我从表单发送POST数据时遇到问题.表单中有一个<textarea>,我要粘贴一些包含标签<script>的数据(例如,网站访问量的计数器代码,没关系).

I have an issue with sending POST data from my form. There is a <textarea> in the form where i'm trying to paste some data which contain a tag <script> (e.g. a code of counter for website traffic, it doesn't matter).

<form action="/savepage" method="POST">
   <button type="submit">Save</button>
    <fieldset>
            <textarea name="content">
              Some <b>text</b>
              <script src="script_source" type="text/javascript"></script>
            </textarea>
    </fieldset>
</form>

提交表单后,我收到一个$_POST数组,其中包含我的表单的所有字段,但是$_POST['content']变量中缺少标签<script>.当我在同一字段中插入任​​何其他标签时,不会发生此问题.

After the form was submitted I receive the $_POST array which contains all fields of my form, but tags <script> are missing in the $_POST['content'] variable. This problem does not occur when I insert any other tags in the same field. 

var_dump($_POST["content"]);

给予

string(18)有些<b>text</b>

"

有人可以向我解释提交表单时<textarea>字段中的<script>标记会发生什么,为什么$_POST['content']变量中不存在这些标记吗?我网站的后端在Kohana Framework v.2.4上.也许是Kohana削减了标签...或者,Apacahe或PHP设置中是否有可以执行此操作的选项? 预先感谢.

Can anybody explain me what happens with the tags <script> in the <textarea> field when submitting the form and why they are absent in the $_POST['content'] variable? The back-end of my site is on the Kohana Framework v.2.4. Perhaps it's Kohana who cut tags... Or, maybe, is there an option in the Apacahe or PHP settings which can do this things? Thanks in advance.

推荐答案

如果将<script> -tag放在前面,则需要对其进行编码,以使浏览器不会解析内容

If you put the <script>-tag in before, you need to encode it, so that the browser does not parse the content

所以-使用htmlspecialchars():

<form action="/savepage" method="POST">
   <button type="submit">Save</button>
    <fieldset>
            <textarea name="content">
<?php echo(htmlspecialchars('
              Some <b>text</b>
              <script src="script_source" type="text/javascript"></script>'); ?>
            </textarea>
    </fieldset>
</form>

这篇关于标签&lt; script&gt;从字段&lt; textarea&gt;中删除提交表格后的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆