问题描述
我从表单发送POST数据时遇到问题.表单中有一个<textarea>
,我要粘贴一些包含标签<script>
的数据(例如,网站访问量的计数器代码,没关系).
I have an issue with sending POST data from my form. There is a <textarea>
in the form where i'm trying to paste some data which contain a tag <script>
(e.g. a code of counter for website traffic, it doesn't matter).
<form action="/savepage" method="POST">
<button type="submit">Save</button>
<fieldset>
<textarea name="content">
Some <b>text</b>
<script src="script_source" type="text/javascript"></script>
</textarea>
</fieldset>
</form>
提交表单后,我收到一个$_POST
数组,其中包含我的表单的所有字段,但是$_POST['content']
变量中缺少标签<script>
.当我在同一字段中插入任何其他标签时,不会发生此问题.
After the form was submitted I receive the $_POST
array which contains all fields of my form, but tags <script>
are missing in the $_POST['content']
variable. This problem does not occur when I insert any other tags in the same field.
var_dump($_POST["content"]);
给予
"
有人可以向我解释提交表单时<textarea>
字段中的<script>
标记会发生什么,为什么$_POST['content']
变量中不存在这些标记吗?我网站的后端在Kohana Framework v.2.4上.也许是Kohana削减了标签...或者,Apacahe或PHP设置中是否有可以执行此操作的选项?预先感谢.
Can anybody explain me what happens with the tags <script>
in the <textarea>
field when submitting the form and why they are absent in the $_POST['content']
variable? The back-end of my site is on the Kohana Framework v.2.4. Perhaps it's Kohana who cut tags... Or, maybe, is there an option in the Apacahe or PHP settings which can do this things?Thanks in advance.
推荐答案
如果将<script>
-tag放在前面,则需要对其进行编码,以使浏览器不会解析内容
If you put the <script>
-tag in before, you need to encode it, so that the browser does not parse the content
所以-使用htmlspecialchars()
:
<form action="/savepage" method="POST">
<button type="submit">Save</button>
<fieldset>
<textarea name="content">
<?php echo(htmlspecialchars('
Some <b>text</b>
<script src="script_source" type="text/javascript"></script>'); ?>
</textarea>
</fieldset>
</form>
这篇关于标签< script>从字段< textarea>中删除提交表格后的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!