30

Is it possible to save text to a new text file using JavaScript/jQuery without using PHP? The text I'm trying to save may contain HTML entities, JS, HTML, CSS and PHP scripts that I don't want to escape or use urlencode!

If it's only can be achieved using PHP how can I pass the text to PHP without encoding it?

Michał Perłakowski
  • 88,409
  • 26
  • 156
  • 177
  • 4
    No, it is not. Besides, that would be a horrible security breach if someone injected js into your page. – Daedalus Mar 30 '13 at 19:47

3 Answers3

48

You must have a server-side script to handle your request, it can't be done using javascript.

To send raw data without URIencoding or escaping special characters to the php and save it as new txt file you can send ajax request using post method and FormData like:

JS:

var data = new FormData();
data.append("data" , "the_text_you_want_to_save");
var xhr = (window.XMLHttpRequest) ? new XMLHttpRequest() : new activeXObject("Microsoft.XMLHTTP");
xhr.open( 'post', '/path/to/php', true );
xhr.send(data);

PHP:

if(!empty($_POST['data'])){
$data = $_POST['data'];
$fname = mktime() . ".txt";//generates random name

$file = fopen("upload/" .$fname, 'w');//creates new file
fwrite($file, $data);
fclose($file);
}

Edit:

As Florian mentioned below, the XHR fallback is not required since FormData is not supported in older browsers (formdata browser compatibiltiy), so you can declare XHR variable as:

var xhr = new XMLHttpRequest();

Also please note that this works only for browsers that support FormData such as IE +10.

razz
  • 9,770
  • 7
  • 50
  • 68
  • this works like a charm, the text is saved as it is with all the special characters :), thanks again. –  Mar 30 '13 at 22:17
  • 4
    Why are you fallbacking XHR for IE6, but using `FormData`? One or the other has to go. – Florian Margaine Sep 21 '14 at 12:41
  • @FlorianMargaine (or someone else), could you edit the answer (it would be useful for all people who will read this accepted answer) to provide a better version? – Basj Sep 21 '14 at 20:06
  • XMLHttpRequest cannot load $php-file. Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https, chrome-extension-resource. – Everyone_Else Sep 07 '16 at 07:17
  • Is it possible to use this method to overwrite an existing file or can it only create a new one? – Travis Fleenor Nov 29 '18 at 21:22
  • Is there any quick way to use `/n` with this method? Example: `data.append("data" , strings_of_data_here?);` – Jonas Apr 11 '20 at 22:41
  • Add `header("Access-Control-Allow-Origin: *");` in first of server side file maybe have benefit for CORS error. – Nabi K.A.Z. Feb 07 '22 at 03:04
7

It's not possible to save content to the website using only client-side scripting such as JavaScript and jQuery, but by submitting the data in an AJAX POST request you could perform the other half very easily on the server-side.

However, I would not recommend having raw content such as scripts so easily writeable to your hosting as this could easily be exploited. If you want to learn more about AJAX POST requests, you can read the jQuery API page:

http://api.jquery.com/jQuery.post/

And here are some things you ought to be aware of if you still want to save raw script files on your hosting. You have to be very careful with security if you are handling files like this!

File uploading (most of this applies if sending plain text too if javascript can choose the name of the file) http://www.developershome.com/wap/wapUpload/wap_upload.asp?page=security https://www.owasp.org/index.php/Unrestricted_File_Upload

Joe F
  • 642
  • 4
  • 12
0

If you still want to work in JavaScript and avoid PHP, CGI, and things like that, it's no longer true that you can't do server side scripts with JavaScript.

With Node.js, you can do server side JavaScript. Of course, you have to have a server than can run a Node.js server. But once you get it up and running, you can write the server script to accept a JSON formatted string from your client side scripts Then, based on that JSON string received, the server side script could create and save files. Of course, you want to make sure you write secure code, check what is being sent to your server and verify it's not malicious before creating the files and saving them. You also probably want to stagger timing and pause between files to ensure you're not susceptible to a DDOS attack, either.

Trashman
  • 1,424
  • 18
  • 27