"Disallowed Key Characters" for HTML content - even using $_POST?! |
[eluser]mattpointblank[/eluser]
Hi all. Writing an email newsletter script. It uses TinyMCE rich text editor for HTML. If I use a string like "<span style="bold;">text</span>" it immediately breaks and I get the "Disallowed Key Characters" error. I tried replacing my calls to $this->input->post('html') with $_POST['html'] but still get this message, even after disabling global xss filtering. It seems CI is intercepting my (ajax) form post still. Is there any way I can just grab my raw html (which has been filtered by TinyMCE anyway) and email it? This is pretty frustrating. Thanks, matt
[eluser]mattpointblank[/eluser]
No, good point I guess, but ultimately this app is definitely going to be using ajax for this function, so I'd rather find a proper fix for it now.
[eluser]Jônatan fróes[/eluser]
In this script I've used CI/ajax/TinyMCE: ShowCase . I'm not sure if form_open adds 'enctype="multipart/form-data"'. So, instead of Code: <?= form_open('url'); ?> i used Code: <form action="<?= site_url('url'); ?>" method="post" enctype="multipart/form-data" class="ajax_form"> And the js (by jQuery): Code: $(document).ready(function(){
[eluser]Jônatan fróes[/eluser]
[quote author="Jônatan fróes" date="1255713045"]In this script I've used CI/ajax/TinyMCE: ShowCase . I'm not sure if form_open adds 'enctype="multipart/form-data"'. So, instead of Code: <?= form_open('url'); ?> i used Code: <form action="<?= site_url('url'); ?>" method="post" enctype="multipart/form-data" class="ajax_form"> And the js (by jQuery): Code: $(document).ready(function(){ And inside the form I added am empty div with id="result"
[eluser]mattpointblank[/eluser]
That sort of code works for me, but in my ajax function, it works like this: Code: $('#sendPreview').bind('click', function(){ Eg, my script posts to a webpage and sends data, which is when it encounters CI's $_POST filtering.
[eluser]mattpointblank[/eluser]
I feel like this thread might be related: http://ellislab.com/forums/viewthread/65152/ That user was having issues if his textarea contained the word 'method'. The function that's giving me this error message is supposed to be checking keys, not values - eg, shouldn't it be validating my form field NAMES, not their content? My form field is just called 'html' - the error I get is a bit of weirdly converted HTML: Code: Disallowed Key Characters: nbsp;</p> Anyone got any ideas?
[eluser]mattpointblank[/eluser]
Fixed it. Jônatan fróes was right, it was the AJAX. All I needed to do was use escape() in the javascript data to escape my HTML, then it worked fine.
[eluser]Dojjjan[/eluser]
I have the same problem here but i didn't understand how you soloved it? I use tinyMCE and tinyMCE imagemanager for making posts to a blog and i what to use jquerys ajax function for submiting the form. But i get "Disallowed Key Characters" for the html that tinyMCE produces. It works just fine without the ajaxfunction and i dont what to use the $this->db->escape() function because it messes up the html when it gets displayed on the blog (is there an unescape function that i don know about? im new to codeigniter). this is the jquery ajaxfunction i use. Code: $('#blog_save_btn').click(function(){ How did you guys sollove this problem? did you escape the datastring with $this->db->escape()? and if so how did you get the html not to break when the data in the database is displayed on the webpage again?
[eluser]mattpointblank[/eluser]
Use the Javascript escape() function on your TinyMCE's value before it gets sent to your php page. |
Welcome Guest, Not a member yet? Register Sign In |