javascript content in $_POST

Hi,

I am trying to post a javascript content via form textarea input
element.
But when i click send (post) the posted page comes unaccesible.

example content for post :



I think it is about apache or php configuration.

In my local computer , there is no problem.Problem occurs my hosting
environment.


Regards,


--
Gokhan Altinsoy ~= 15000 -->
http://www.itinfomap.com/bilin/person.php?this=this&op=view& itemid=106

Re: javascript content in $_POST

Gökhan Altınsoy wrote:
> Hi,
>
> I am trying to post a javascript content via form textarea input
> element.

Hi,

I am unsure I understand what you mean.
You cannot post a JavaScript variable by means of posting a form.
You can of course put the value of a javascriptvariable INTO a form
before posting it.
But the only thing that arrives at the server after the post is the
content of the form, not one JavaScript variable will be posted by itself.


> But when i click send (post) the posted page comes unaccesible.

What do you mean by that?

>
> example content for post :
>
>

That is NOT a form, nor a post. It is just a piece of JavaScript.

>
> I think it is about apache or php configuration.

I don't think so.

>
> In my local computer , there is no problem.Problem occurs my hosting
> environment.
>
>

Please understand we can only guess what you are doing, and so we can
also only guess at your problem.
Write it over in a more clear way with a little piece of relevant code.

Regards,
Erwin Moller

> Regards,
>
>
> --
> Gokhan Altinsoy ~= 15000 -->
> http://www.itinfomap.com/bilin/person.php?this=this&op=view& itemid=106

Re: javascript content in $_POST

On 3 Dec, 11:40, Erwin Moller
wrote:
> I am unsure I understand what you mean.
> You cannot post a JavaScript variable by means of posting a form.
> You can of course put the value of a javascriptvariable INTO a form
> before posting it.
Erwin, he was quite clear in his post (on this point at least). He is
not trying to post a javacript variable.

He said that he is putting:


in a textarea.

What is not clear to me is precisely in what way "the posted page
comes unaccesible"?

Re: javascript content in $_POST

On Mon, 03 Dec 2007 12:40:22 +0100, Erwin Moller
wrote:
> Gökhan Altınsoy wrote:
>> I am trying to post a javascript content via form textarea input
>> element.
>
> I am unsure I understand what you mean.

Neither can I

>> But when i click send (post) the posted page comes unaccesible.
>
> What do you mean by that?

Posted 'page'? Chances are this is a CMS backend, and this particular code
breaks the CMS?

>> example content for post :
>>
>
> That is NOT a form, nor a post. It is just a piece of JavaScript.
>
>> I think it is about apache or php configuration.
>
> I don't think so.
>
>> In my local computer , there is no problem.Problem occurs my hosting
>> environment.

Keep in mind the different 'security clearances' of javascript depending
on where it comes from..


> Please understand we can only guess what you are doing, and so we can
> also only guess at your problem.
> Write it over in a more clear way with a little piece of relevant code.

Indeed. An url of (a mockup of) the form would also help a lot in
understanding the OP.
--
Rik Wasmus

Re: javascript content in $_POST

Captain Paralytic wrote:
> On 3 Dec, 11:40, Erwin Moller
> wrote:
>> I am unsure I understand what you mean.
>> You cannot post a JavaScript variable by means of posting a form.
>> You can of course put the value of a javascriptvariable INTO a form
>> before posting it.
> Erwin, he was quite clear in his post (on this point at least). He is
> not trying to post a javacript variable.
>
> He said that he is putting:
>

Yes, you are right.
He clearly stated he was posting that piece of javascript.

Nothing wrong with that as far as I can see.

Chances are that the receiving script is part of some CMS and doesn't
want Javascript content, like Rik suggested in the other thread.
Maybe it filters it away, or takes some other action.
Hard to say. More onfo please! :-)

Erwin

>
> in a textarea.
>
> What is not clear to me is precisely in what way "the posted page
> comes unaccesible"?

Re: javascript content in $_POST

On Dec 3, 1:55 pm, Captain Paralytic wrote:
> On 3 Dec, 11:40, Erwin Moller wrote:
> > I am unsure I understand what you mean.
> > You cannot post a JavaScript variable by means of posting a form.
> > You can of course put the value of a javascriptvariable INTO a form
> > before posting it.
>
> Erwin, he was quite clear in his post (on this point at least). He is
> not trying to post a javacript variable.
>
> He said that he is putting:
>
>
> in a textarea.
>

That is right.

> What is not clear to me is precisely in what way "the posted page
> comes unaccesible"?

It is very intersting problem.
When i click to post, browser shows "Page can not be displayed" error.
If i put normal text to text are , there is no problem.

It seems, post content with js corrupts posting header or something
like that.

I published a test page for this problem.You can test it.



copy paste js content and save on

http://www.taginternet.com/tagger/testpost.php

address


Thanks everybody for comments

Re: javascript content in $_POST

Gökhan Altınsoy wrote:
> On Dec 3, 1:55 pm, Captain Paralytic wrote:
>> On 3 Dec, 11:40, Erwin Moller wrote:
>>> I am unsure I understand what you mean.
>>> You cannot post a JavaScript variable by means of posting a form.
>>> You can of course put the value of a javascriptvariable INTO a form
>>> before posting it.
>> Erwin, he was quite clear in his post (on this point at least). He is
>> not trying to post a javacript variable.
>>
>> He said that he is putting:
>>
>>
>> in a textarea.
>>
>
> That is right.
>
>> What is not clear to me is precisely in what way "the posted page
>> comes unaccesible"?

Hi,

A wild guess: Maybe your receiving script doesn't escape "?

Try posting this and see what happens:
test with " in it

Does that also produce an error?

And what is more: Be sure you see the error instead of 'Page cannot be
displayed'.

Make sure errorreporting is on.

Good luck.

Regards,
Erwin Moller


>
> It is very intersting problem.
> When i click to post, browser shows "Page can not be displayed" error.
> If i put normal text to text are , there is no problem.
>
> It seems, post content with js corrupts posting header or something
> like that.
>
> I published a test page for this problem.You can test it.
>
>
>
> copy paste js content and save on
>
> http://www.taginternet.com/tagger/testpost.php
>
> address
>
>
> Thanks everybody for comments

Re: javascript content in $_POST

On Mon, 03 Dec 2007 20:49:33 +0100, Gökhan Altınsoy
wrote:
> copy paste js content and save on
>
> http://www.taginternet.com/tagger/testpost.php
>
> address

I'd day this is input filtering go overboard, ' it, other tags seem to be OK, '
So, what kind of filtering do you use?
--
Rik Wasmus

Re: javascript content in $_POST

On Tue, 04 Dec 2007 11:34:49 +0100, Rik Wasmus
wrote:

> On Mon, 03 Dec 2007 20:49:33 +0100, Gökhan Altınsoy
> wrote:
>> copy paste js content and save on
>>
>> http://www.taginternet.com/tagger/testpost.php
>>
>> address
>
> I'd day

Huh? "I'd think"... I can't for the life of me trace back how 'day' was
entered there...
--
Rik Wasmus

Re: javascript content in $_POST

On 4 Dec, 10:36, "Rik Wasmus" wrote:
> On Tue, 04 Dec 2007 11:34:49 +0100, Rik Wasmus
>
> wrote:
> > On Mon, 03 Dec 2007 20:49:33 +0100, Gökhan Alt=FDnsoy
> > wrote:
> >> copy paste js content and save on
>
> >>http://www.taginternet.com/tagger/testpost.php
>
> >> address
>
> > I'd day
>
> Huh? "I'd think"... I can't for the life of me trace back how 'day' was
> entered there...
> --
> Rik Wasmus

Maybe you were gonna say "I'd say" and the "d" and "s" keys are next
to each other (at least they are on my quay bored)

Re: javascript content in $_POST

On Tue, 04 Dec 2007 12:33:46 +0100, Captain Paralytic
wrote:

> On 4 Dec, 10:36, "Rik Wasmus" wrote:
>> On Tue, 04 Dec 2007 11:34:49 +0100, Rik Wasmus
>>
>> wrote:
>> > On Mon, 03 Dec 2007 20:49:33 +0100, Gökhan Altınsoy
>> > wrote:
>> >> copy paste js content and save on
>>
>> >>http://www.taginternet.com/tagger/testpost.php
>>
>> >> address
>>
>> > I'd day
>>
>> Huh? "I'd think"... I can't for the life of me trace back how 'day' was
>> entered there...
>
> Maybe you were gonna say "I'd say" and the "d" and "s" keys are next
> to each other (at least they are on my quay bored)

You are offcourse totally correct. A very likely scenario now you mention
it. Luckily english is not my native language so I tend to get away with
oversights like these :).
--
Rik Wasmus

Re: javascript content in $_POST

On Dec 4, 12:21 pm, Erwin Moller

>
> Hi,
>
> A wild guess: Maybe your receiving script doesn't escape "?
>
> Try posting this and see what happens:
> test with " in it
>
> Does that also produce an error?
>
> And what is more: Be sure you see the error instead of 'Page cannot be
> displayed'.
>
> Make sure errorreporting is on.
>
> Good luck.
>
> Regards,
> Erwin Moller
>
>

I had already tried things that you wrote.
Probably it is a bug of my apache version or php version.

Anyway, thanks. I have solved with using java script.I am replacing
"script" word with
"betikbetikbetikbetik" :) word before posting.

Re: javascript content in $_POST

On Tue, 04 Dec 2007 15:51:32 +0100, Gökhan Altınsoy
wrote:

> On Dec 4, 12:21 pm, Erwin Moller
>
>>
>> Hi,
>>
>> A wild guess: Maybe your receiving script doesn't escape "?
>>
>> Try posting this and see what happens:
>> test with " in it
>>
>> Does that also produce an error?
>>
>> And what is more: Be sure you see the error instead of 'Page cannot be
>> displayed'.
>>
>> Make sure errorreporting is on.
>>
>> Good luck.
>>
>> Regards,
>> Erwin Moller
>>
>>
>
> I had already tried things that you wrote.
> Probably it is a bug of my apache version or php version.

I'm 99.999% sure it's a filter installed by someone somewhere, which
inherently has nothing to do with PHP and/or Apache itself. Seems to me
someone wanted to avoid XSS attacks in some crude way.
--
Rik Wasmus

Re: javascript content in $_POST

� wrote:
> On Dec 4, 12:21 pm, Erwin Moller
>
>> Hi,
>>
>> A wild guess: Maybe your receiving script doesn't escape "?
>>
>> Try posting this and see what happens:
>> test with " in it
>>
>> Does that also produce an error?
>>
>> And what is more: Be sure you see the error instead of 'Page cannot be
>> displayed'.
>>
>> Make sure errorreporting is on.
>>
>> Good luck.
>>
>> Regards,
>> Erwin Moller
>>
>>
>
> I had already tried things that you wrote.
> Probably it is a bug of my apache version or php version.
>
> Anyway, thanks. I have solved with using java script.I am replacing
> "script" word with
> "betikbetikbetikbetik" :) word before posting.
>
I have found that using any variable or function name in javascript the
remotely resembles a reserved word that the vendiors particular
implementation of javashite might just conceieavbly have used, reserved,
or simply decided to hang some speciality about is a Bad Idea.

Keep javashite names short, and entirely obsucre. I even had issues with
display_the_one() and display_the_other() type clashes. Some
interpreters seemed to discard all beyond the first few characters of
the name as well.

Re: javascript content in $_POST

Rik Wasmus wrote:
> On Tue, 04 Dec 2007 15:51:32 +0100, Gökhan Altınsoy
> wrote:
>
>> On Dec 4, 12:21 pm, Erwin Moller
>>
>>>
>>> Hi,
>>>
>>> A wild guess: Maybe your receiving script doesn't escape "?
>>>
>>> Try posting this and see what happens:
>>> test with " in it
>>>
>>> Does that also produce an error?
>>>
>>> And what is more: Be sure you see the error instead of 'Page cannot be
>>> displayed'.
>>>
>>> Make sure errorreporting is on.
>>>
>>> Good luck.
>>>
>>> Regards,
>>> Erwin Moller
>>>
>>>
>>
>> I had already tried things that you wrote.
>> Probably it is a bug of my apache version or php version.
>
> I'm 99.999% sure it's a filter installed by someone somewhere, which
> inherently has nothing to do with PHP and/or Apache itself. Seems to me
> someone wanted to avoid XSS attacks in some crude way.

Dito.
This has nothing to do with PHP-version, php.ini, or Apache. Must be in
the PHP program.

This filter is installed by the original makers, or maybe even by the
original poster and he has memory issues. ;-)

Regards,
Erwin Moller