当文本区域包含
我的网站上有一个表单,允许用户为我的网站上动态生成的页面插入内容。该表单以及其他控件都有一个文本区域,用户需要在其中键入/粘贴 html 代码以用作页面正文。 只要文本区域不包含“script”标签,该表单似乎就可以正常工作。当粘贴包含 script 标签的 html 代码并提交表单时,请求似乎被服务器终止,$_POST、$_GET 和 $_REQUEST 变量为空。该代码在我的 Windows 测试机(WAMP 5.xx)上运行良好,但是,在托管网站(Linux 托管)的情况下,该代码将无法运行。 我读过类似的问题,有人在 .htaccess 文件中发布了以下代码会有帮助,但对我的情况没有帮助:
<IfModule mod_security.c>
SecFilterEngine Off
</IfModule>
似乎存在一些配置问题,我还检查了两个系统的 phpinfo() 和没有显着差异。 请帮忙,该网站需要在本周内上线。
I have a form on my website to allow user to insert content for dynamically generated pages on my website. The form along with other controls has a textarea where user is required to type/paste html code to be used as body of the page.
The form seems to work fine as long as the textarea doesn't contain "script" tag. When html code containing script tag is pasted and form is submitted, the request seems to be killed by the server, the $_POST, $_GET and $_REQUEST variables are empty. The code works fine on my windows testing machine (WAMP 5.xx) however, where the website is hosted(Linux hosted) the code won't work.
I've read in similar questions, someone posted the following code in .htaccess file would help, but it doesn't help in my case:
<IfModule mod_security.c>
SecFilterEngine Off
</IfModule>
It appears there is some configuration issue, i've also checked phpinfo() for both systems and there is no significant difference.
Please help, the site needs to go live within this week.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
过滤怎么样?提交前打标签?客户端 Javascript 就可以做到这一点。
也许正则表达式可以提供帮助。这样您就不必进行服务器配置,并且不会损害安全性
What about filtering <string> tags before submitting? A client side Javascript could do the trick.
Maybe regexes could help. This way you don't have to work on server configuration and you do not compromise security