Tags <script> cut out of the field <textarea> after the form is submitted

巧了我就是萌 submitted on 2020-01-05 19:41:11

Question


I have an issue with sending POST data from my form. There is a <textarea> in the form where I'm trying to paste some data which contains a <script> tag (e.g. the code of a counter for website traffic, it doesn't matter).

<form action="/savepage" method="POST">
   <button type="submit">Save</button>
    <fieldset>
            <textarea name="content">
              Some <b>text</b>
              <script src="script_source" type="text/javascript"></script>
            </textarea>
    </fieldset>
</form>

After the form was submitted I receive the $_POST array which contains all fields of my form, but tags <script> are missing in the $_POST['content'] variable. This problem does not occur when I insert any other tags in the same field.

var_dump($_POST["content"]);

gives

string(18) "Some <b>text</b>

"

Can anybody explain to me what happens with the <script> tags in the <textarea> field when submitting the form and why they are absent in the $_POST['content'] variable? The back-end of my site is on the Kohana Framework v.2.4. Perhaps it's Kohana that cuts the tags... Or, maybe, is there an option in the Apache or PHP settings which can do these things? Thanks in advance.


Answer 1:


If you put the <script>-tag in before, you need to encode it, so that the browser does not parse the content.

So - use htmlspecialchars():

<form action="/savepage" method="POST">
   <button type="submit">Save</button>
    <fieldset>
            <textarea name="content">
<?php echo(htmlspecialchars('
              Some <b>text</b>
              <script src="script_source" type="text/javascript"></script>')); ?>
            </textarea>
    </fieldset>
</form>



Answer 2:


Because that is being parsed as HTML script tag instead of being treated as text. Use html-entities for parsing it as text.

So, it'll be:

&lt;script src=&quot;script_source&quot; type=&quot;text/javascript&quot;&gt;&lt;/script&gt;
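
The encoding both answers recommend, shown as a complete round trip (an added example, not code from the thread): the stored value is encoded with htmlspecialchars() when the form is rendered, and the submitted field holds the original characters again. `$stored` is constructed sample data, including a literal `</textarea>` to show that case is covered too, and `textarea_text()` is a hypothetical helper name.

```php
<?php
// Added example, not from the original thread. $stored is constructed sample
// input standing in for whatever was previously saved for the "content" field.
$stored = "Some <b>text</b>\n"
        . "<script src=\"script_source\" type=\"text/javascript\"></script>\n"
        . "</textarea><p>text after a premature close</p>";

// Hypothetical helper: encode a value for use as the text of a <textarea>.
function textarea_text($value)
{
    // ENT_QUOTES also encodes ' and ", so the helper is usable in attributes too.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$encoded = textarea_text($stored);

// What the server sends: no literal "<" survives, so the "</textarea>" inside
// the stored value cannot end the element early and spill markup into the page.
echo '<form action="/savepage" method="POST">', "\n";
echo '<textarea name="content">', $encoded, '</textarea>', "\n";
echo '<button type="submit">Save</button>', "\n";
echo '</form>', "\n";

// The browser decodes the entities when it builds the textarea's value, so the
// submitted field carries the original characters. html_entity_decode() stands
// in for that browser step here.
$submitted = html_entity_decode($encoded, ENT_QUOTES, 'UTF-8');

// Check that the round trip is lossless.
var_dump($submitted === $stored);
// Check that nothing is left for the HTML parser to treat as a tag.
var_dump(strpos($encoded, '<') === false);
```

The encoding belongs at output time only: what arrives in $_POST['content'] is the decoded text and must be encoded again wherever it is later written into HTML.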


Source: https://stackoverflow.com/questions/12072450/tags-script-cut-out-of-the-field-textarea-after-the-form-is-submitted
