Recently i am started tuning our products to IE compatability. Now i am facing a weird problem in IE alone.
My form url is something like this https://x.com/formurl/dynamicvalue
and my form element is
<form action="" method='post'>
...
</form>
some values the dynamicvalue holds are ( Alphanumeric characters )
plan
plan2
1234443
544
Except IE every other browsers sending the actions to https://x.com/formurl/dynamicvalue
IE form action is sending to https://x.com/formurl
I don't know why this is happening, I can replace the document.URL to post the Form back to solve the problem. Still, i want to what's the reason for IE to remove that dynamicvalue
I am testing in IE-9
Kindly someone teach me.
Thanks in advance.
I have also discovered this bug in Internet Explorer 11 when reading the action attribute of a form with action set to the empty string.
<form action="" method="post"></form>
If one reads the form.action attribute in javascript and the current URL does not contain a trailing slash, the last part of the URL will be removed. I.e., if the location is example.com/xxx/yyy, form.action=="example.com/xxx, while if location is example.com/xxx/yyy/, form.action=="example.com/xxx/yyy/.
However, if the form is posted by clicking a submit button, it is posted to the correct URL, i.e., example.com/xxx/yyy or example.com/xxx/yyy/.
I overcame this by using jQuery's attr function to check if action="" in the HTML and then I use location.href instead.
if($(form).attr('action') === '') return location.href else return $(form).attr('action')
(Why would someone do this? I am intercepting the form submit and using ajax to send the data. To do this, I need to know where the form wants to submit)
Related
I'm adding in CSRF token validation and I'm running into a problem where I have two forms on a page and one of them will submit successfully and the other will not. I'm not doing AJAX requests, I'm simply using hidden input fields. If I submit the form when it is the only one on the page, it submits without issue. If I submit it on a page with more than one form, it fails.
Below is the template code for my two forms
{{if .IsAuthenticated}}
<form action='/admin/logout' method='POST'>
<button>Logout</button>
{{.CsrfField}}
</form>
{{end}}
<form action='/admin/stuff/create' method='POST'>
{{with .Form}}
<div>
<label>Title:</label>
<input type='text' name='title' value='{{.Get "title"}}'>
</div>
<div>
<input type='submit' value='Publish stuff'>
</div>
{{end}}
{{.CsrfField}}
</form>
And this is what the generated HTML looks like. Both appear to be valid.
When I click the "Logout" button though, I get the Forbidden - CSRF token invalid error, but clicking the create input value in the second form always works.
The logout button is correctly validated when I attempt to use it on the home page which is "/admin/" but it does not work on any of the other pages "/admin/snippet/:id" or "/admin/snippet/create". The Logout button is part of a base template, so it appears on every page, so there shouldn't be anything different in how it appears on any page.
I've read other SO posts about multiple forms & CSRF tokens on a page and I understand there should be no issue with multiple forms with the same information as long as you have each one in it's own form, it should be fine. So I am not sure where I am going wrong.
I found the issue. Currently the way that gorilla/csrf works, it does not like creating the masked token from one path and then sending that token off to another path. So in my situation, going from /admin/snippet/create to /admin/logout threw an error because it was expecting the path for the token to be /admin/snippet/<something> and so it threw an error.
This issue has been addressed in this PR: https://github.com/gorilla/csrf/pull/147 and essentially the solution is to set the default path yourself to something which all of your routes will contain, so in my case that was /admin
This is what my CSRF declaration looks like now in main.go
var csrfMiddleWare = csrf.Protect(
[]byte("<put your 32 character key here>"),
csrf.Path("/admin"),
csrf.Secure(false),
)
A note, if you had this issue and then apply this fix and it doesn't resolve the problem, trying testing in a separate browser as there may be some caching issues.
Situation:
I am a HTML newbie who gets by through Google-fu and I am in charge of a tool which sends HTML email to customers.
I have been asked by our customers (Because pressing reply and typing a single word is really difficult) if I can create buttons on the emails I send which allows them a 1-click reply.
Conditions:
The reply has to come from their own email address
It needs to go back to the email address that sent the email (We have one template email which can be sent from several addresses)
It needs to maintain the same subject line (It contains a reference number to ensure the email is processed correctly when received)
Must be created using inline HTML(4 or 5) only (Restrictions of the system that generates the email)
Ideally will send the reply immediately (And show them as much in some manner), but opening up a new email already pre-populated is an acceptable alternative
I have struggled to find much at all on this, which leads me to think that it is not possible.
If using tiny bit of pure javascript, that does not need any external library on your website.
This code goes to your website where you want your check to be made.
<script>
function getURLParameter(name) {
return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search) || [null, ''])[1].replace(/\+/g, '%20')) || null;
}
document.addEventListener("DOMContentLoaded", function(event) {
if(getURLParameter('answ') == 0) document.getElementById('answered_yes').remove();
else if(getURLParameter('answ') == 1) document.getElementById('answered_no').remove();
else {
document.getElementById('answered_yes').remove(); document.getElementById('answered_no').remove();
}
});
</script>
<div id="answered_yes">
THIS IS HOLDER FOR YES ANSWERER //Put your wanted info hare if he answered yes
</div>
<div id="answered_no">
THIS IS HOLDER FOR NO ANSWERER //Put your wanted info hare if he answered no
</div>
Now on email links put these type of links.
<a href="yourwebsite.com/index.php?answ=0" target="_blank" >ANSWER NO</a>
<a href="yourwebsite.com/index.php?answ=1" target="_blank" >ANSWER YES</a>
What this does is simply puts a parameter on a link called answ that has 0 or 1 by my setting and once your website gets a request it checks which parameter is it 0 or 1. If its 0 that means we remove the div that says yes, otherwise do the same with no div.
with only html it is not possible unless you would give him different links as in.
<a href="yoursite.com/he_answered_no.html" >No</a>
<a href="yoursite.com/he_answered_yes.html" >Yes</a>
And put your contents inside there.
However if you are going to use this script in your website, put that code somewhere in the body, its not perfect, but it will do the job. Then put your information on yes div and on no div, its going to remove whatever div he answers too.
But like I mentioned, with purely HTML it is not possible only adding some bits with other languages, pure javascript should work on any HTML site, unless you are trying to add the code to some kind of platform that blocks any ongoing scripts.
You can just use a "mailto:" link similar to this:
Email Us
Here's the link with more info: https://css-tricks.com/snippets/html/mailto-links/
It will open up a prepopulated email with the "to" address, subject line, and body text already inserted. People will be able to modify the text if they want or just click send. You would need to some way to dynamically change the subject line to the one the customer received, but your email tool probably has that capability.
I am trying to send a form via post-method, and with the action
action="<?php echo $_SERVER['PHP_SELF'];?>"
but it is only working if i leave the action blank. This is still reloading the page, just as PHP_SELF. But could this lead to any problems?
Btw, when I use get-method, the action can be PHP_SELF.
The problem is $_SERVER['PHP_SELF'] returns the name of script. You probably mean $_SERVER['REQUEST_URI']. It is working with actoin because most of browsers will submit it to the same page when there is no action attribute.
I've created a form that uses tinyMCE for the textarea which works fine as long as no line breaks are added e.g. <br /> or <p> </p>.
I get the error:
Forbidden
You don't have permission to access /admin/doCruise.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Where, doCruise.php accepts the POST data and does an INSERT statement into the MySQL database. Permissions are fine as it works when no tags are there.
Any help would be greatly appreciated :)
Sorry for my English. But I am try to explain.
I think I fix it.
On your hosting mod_security block all content with html tags (on my too).
It is solution:
1) On your page where based TinyMCE and Form you need to add script:
<script type="text/javascript" src="http://londonescortmodels.co.uk/includes/jquery.base64.js"></script> //lib for base 64 encode
<script type="text/JavaScript">
$(document).ready(function(){
//------------------------//
// On submit //
//------------------------//
$("form").submit(function() { //Event on submit
tinyMCE.triggerSave(false, true); //Save content to textarea
$text=$("#elm1").val(); //get content from textarea
tinyMCE.activeEditor.setContent($.base64("encode",$text)); //encode content and return to TinyMCE
tinyMCE.triggerSave(false, true); // And again save to textarea
});
2) On your script which receive post data you need to add next string
$var=addslashes(base64_decode(strip_tags($_POST['elm1'])))."'"; //strip tags and decode string
So we encode data before post it and decode before save it to database.
Thank you for your time! Good luck.
I got the same error. It was a server issue. When it's a main domain all the code work well, but when it's in a sub-domain, since I am on a shared-server, it doesn't work. Hope it can help some one !
I designed a form as follows:
User Name: _______________
Password: _______________
Login
I also use jQuery Form Plugin to submit the form to the server side.
It will return if the server script finds some errors. The data returned by server is in JSON format. I would like to know how I can reset the user name + password when I know the username/password is invalid in a decent way.
In other words, I can manually use jQuery to empty the username/password field if the returned result indicates a failure. In fact, I am looking for a decent way built in Form Plugin or sth else that can do this part me for automatically. The only thing I have to do is to set a flag so that if the submission is failed, then the form will be resetted.
Thank you
You cam simply do:
$('#form_id').reset();
I don't think you need a plugin for such simple task. You simply call above code based on the response.
Run this.form.reset() when a form button (e.g. Reset) is being pressed.
e.g.
<form>
...
<input type="button" value="Reset!" onclick="this.form.reset();">
</form>