Javascript stop characters on frames

Question

I created a small PHP to redirect to a page after stripping the referer. It works pretty consistent around browsers, however, it redirects to the wrong url.

<script>  
window.frames[0].document.body.innerHTML='<form target="_parent" action="http://www.example.com/send.php?year=2015&email=me%40me.com&submit=send+form"></form>';
window.frames[0].document.forms[0].submit()
}    
</script>

<iframe onload="window.setTimeout('go()', 99)" src="about:blank" style="visibility:hidden"></iframe>

Rather than taking me to http://www.example.com/send.php? year=2015&email=me%40me.com&submit=send+form it takes me to http://www.example.com/send.php?

So basically the ? acts like a stop word. How could it fix it? Any help would be GREATELY appreciated.

Don't put `?` and parameters in form `action`s. Put them in ``s. — developerwjk, Sep 23 '15 at 23:22
So could you tell me please how could i rewrite it so that it still redirects to the full url? — E.C. Popa, Sep 23 '15 at 23:24

score 0 · Answer 1 · answered Sep 23 '15 at 23:26

Don't put ? and parameters in form actions. Put them in <input type='hidden'/>s.

window.frames[0].document.body.innerHTML="<form target='_parent' action='http://www.example.com/send.php' method='get'><input type='hidden' name='year' value='2015'/><input type='hidden' name='email' value='me@me.com'/><input type='hidden' name='submit' value='send form'/></form>";

Javascript stop characters on frames

1 Answers1