1

I'm using CKEDITOR and ajax to post news in a website I've created.

Everything works just fine, but apparently when I send text containing style="display:none", for example, when posting I get a 403 error. It doesn't happen If I remove that line or change letters like style="misplay:none"

Here is my code

PHP

$title=$this->input->post('title');
$body=$this->input->post('body');
$published=$this->input->post('published');
$tags=$this->input->post('tags');

Ajax call

$.ajax({
    url: '/reviews_aj/addreviews',
    type: 'POST',
    data: {'title':title,'body':body,'published':published,'tags':tags},
    success: function(result){
         ...            

    }
});

The weirdest part is that the addreviews function is actually called but $_POST seems to be empty and a 403 error is returned.

This is what's being sent

id=18&title=asdasdas&body=style%3D%22display%3Anone%22&published=false&tags=

var_dump($_POST); returns an empty array.

I've started to think that the problem is Jquery, somehow converting special chars the wrong way (and messing with the uri rerouting of Codeigniter. But I don't really know

EDIT for @shershams You asked me to try this.

var temp = {'title':title,'body':body,'published':published,'tags':tags}; 
console.log( JSON.stringify(temp, undefined, 4) );

This is the output

{
    "title": "style=\"display:none\"",
    "body": "<p>\n\tasdasd</p>\n",
    "published": false,
    "tags": ""
}

Looks exactly to what I expected

EDIT:

Just noticed that sending it through a simple POST (not ajax, a simple form) wont work either.

EDIT:

style='display:none' with single quotes works, I don't control CKEDITOR's output though, it should work with both double and single quotes

4

4 回答 4

0

根据您的评论,当“显示:无”时会出现问题

当一个元素显示为 none 时,它​​的行为总是奇怪和意外,它不会改变位置,不会在某些浏览器中返回 innerHTML,等等......

我假设这是因为浏览器随后将其转储到“无用的东西”箱中,并断开所有连接器的正常行为以节省内存/cpu 空间或其他东西。

尝试定位视口的绝对“外部”("position:absolute;top:-100px;left:-100px;") 并检查您的代码,然后检查其功能。

如果它无论如何都被隐藏了,那么它在页面上的位置并不重要。

于 2012-06-15T07:17:58.390 回答
0

将双引号更改为单引号:D!

于 2012-06-09T00:48:51.427 回答
0

我认为你应该使用site_url(). 不确定某些 url 会发生什么,例如/foo/bar.

这是类似问题的答案。试试看 :)

<script type="text/javascript">
    var site_url = '<?php echo site_url(); ?>';
    var url = site_url + '/controller/action/param1/param2';
    // AJAX with url
</script>

如果事情没有解决,请尝试检查您的日志。您可能会看到实际请求了哪个 url。

于 2012-06-13T10:54:14.567 回答
0

像这样双重编码和发送呢?

<?php $string = urlencode(urlencode("style=\"display: none;\"";)) ?>

然后通过 ajax 发送该编码字符串:

$.ajax({
    url: '/reviews_aj/addreviews/$string',
    type: 'POST'
});

在另一端,只需使用段解码:

$text = urldecode(urldecode($this->uri->segment(3)));
于 2012-06-09T04:41:20.700 回答