0

So I am using the json_encode function to strip out any malicious script being entered but is there a way I can make an exception as I have a fair amount of data I am copying from word docs and PDF's which have the '-' & ':' characters and if I include those as soon the browser reads one of those characters it stops rendering the string at that point?

My app is set to use UTF8 both in the meta tag and also inside of my config file but also tried including JSON_UNESCAPED_UNICODE but to no avail...

Here is an example of my full script:

    <script> 
    var iframe = document.getElementById('editor'), 
    iframedoc = iframe.contentDocument || iframe.contentWindow.document; 
    iframedoc.body.innerHTML = <?php echo json_encode($row[3]); ?>; 
    </script>
Maximillian Laumeister
  • 19,884
  • 8
  • 59
  • 78
PhpDude
  • 1,542
  • 2
  • 18
  • 33
  • 1
    and what about `" "`? – Toumash Jul 04 '15 at 19:25
  • Huh? Where am I adding this? – PhpDude Jul 04 '15 at 19:25
  • @phpcoder it's just not good practice. You should create a hidden input with the information OR do an XMLHTTPrequest and have a controller get the information. – kemicofa ghost Jul 04 '15 at 19:27
  • The hidden input is a textarea – PhpDude Jul 04 '15 at 19:28
  • the iframe literally overlays it and displays the content it is a custom light WYSIWYG - Plus my question is not around 'bad practices' I am asking about JSON_ENCODE – PhpDude Jul 04 '15 at 19:28
  • 1
    @phpcoder He meant the ``. – fsacer Jul 04 '15 at 19:30
  • @fsacer Really? I would never have guessed lol Anyway do you also have anything constructive to say? this site is becoming increasingly worse by people not actually helping but being troll like – PhpDude Jul 04 '15 at 19:31
  • @phpcoder Sure I think you should output php inside javascript string. – fsacer Jul 04 '15 at 19:33
  • Well no it isnt....It works just fine if I include plain text and a number of characters but I have tested against the '-' & ':' characters there must be a list of chars I can exlude – PhpDude Jul 04 '15 at 19:33
  • I think this is stoping the rendering of string as @Toumash posted. – fsacer Jul 04 '15 at 19:34
  • @fsacer It does output just a certain number of characters which I assume it fails to recognise so it stops at that character - is there a way to exclude these characters? – PhpDude Jul 04 '15 at 19:38
  • @phpcoder Did you look at this http://stackoverflow.com/questions/4663743/how-to-keep-json-encode-from-dropping-strings-with-invalid-characters. – fsacer Jul 04 '15 at 19:44
  • I have read it earlier yeah... – PhpDude Jul 04 '15 at 19:46
  • Is it working? `iframedoc.body.innerHTML ='';`? – Toumash Jul 04 '15 at 19:47
  • @Toumash that is no different from what I have...? - ignore that I saw you added "" but not that kills the output now – PhpDude Jul 04 '15 at 19:48
  • no different but `' '` – Toumash Jul 04 '15 at 19:48
  • HTML recognises `&` symbols as special characters and it is searching for right symbol to use like [HERE](http://www.webstandards.org/learn/reference/charts/entities/markup_entities/) thats the problem i think. Just test it – Toumash Jul 04 '15 at 19:49
  • @Toumash I know that it isnt recognising symbols hence why I am asking how can you Exclude certain characters – PhpDude Jul 04 '15 at 19:51
  • @Toumash so if I copy and paste a doc in with the chars like ', - and & how do I go about it picking up those characters and changing them to their HEX code? – PhpDude Jul 04 '15 at 19:53
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/82381/discussion-between-phpcoder-and-toumash). – PhpDude Jul 04 '15 at 19:54
  • htmlspecialchars(json...);? – Toumash Jul 04 '15 at 19:55
  • @Toumash could you show me a full example? – PhpDude Jul 04 '15 at 19:56

0 Answers0