1

This is an odd situation and my current thought is that it doesn't work this way, but I need to some other eyes on this.

A different website I don't have control over has a form with a hidden field in it. The form action is a POST and to send it to a url on my website and I need to be able to get the value of that hidden field using javascript.

As a GET that would be included in the url and I think I would just be parsing that apart. But since it's a POST being sent to me I'm not entirely sure how to get the value of that hidden field out.

Is this doable? If so, where should I be looking to do it?

Thank you!

Toby Allen
  • 10,997
  • 11
  • 73
  • 124
Tim Converse
  • 59
  • 2
  • the URL that is called from your website is just an static HTML or do you have a backend? – Romulo Sep 30 '15 at 17:52
  • You cannot grab variables posted to your page in the browser. You can get the only get the post variables server side. If you're backend code is PHP it would be like this: var myvar = '=$_POST['some_value']?>'. For ASP.Net it would be: var myvar = '<%= Request.Form["some_value"] %>. – Gregg Duncan Sep 30 '15 at 17:53
  • Possible duplicate of [How to read the post request parameters using javascript](http://stackoverflow.com/questions/1409013/how-to-read-the-post-request-parameters-using-javascript) – devinallenaz Sep 30 '15 at 17:54
  • At this stage I have no control over what is happening on the server side of this. I only can do things on the client side and I am trying to only use Javascript/jQuery to do this. So from what I am gathering there really isn't anything I can do unless I use something else like PHP. – Tim Converse Sep 30 '15 at 18:10

1 Answers1

1

If your server that is receiving the sended form data uses PHP, you can get all form values using:

<?php
print_r($_POST);
?>

If the page in your server is a static html page, then you cannot get the POST data. Or you can, but then you have to make html pages to be executed as php pages (not recommended however).

You talk about that you need this value be accessible by javascript. Simply do something like:

<script>
<?php
echo 'var input_field_value="'.htmlspecialchars($_POST['name_of_input_field']).'";';
?>
</script>

The question doesn't provide information what server software is used, so I assume that is PHP.

EDIT: after Saturnix's comment I added a call to htmlspecialchars() to make it safe to execute in javascript.

Timo Kähkönen
  • 11,962
  • 9
  • 71
  • 112
  • this assumes that you trust the other site not to inject malicious JS into that POST field. Otherwise, you'd want to escape that variable. – Saturnix Sep 30 '15 at 18:07
  • When you say "make pages to be executed as php pages" what exactly do you mean? Not that I want to do it, but that I want to be able to make sure I understand it. Thanks. – Tim Converse Sep 30 '15 at 18:13
  • I can trust the other site not to inject anything malicious. – Tim Converse Sep 30 '15 at 18:14
  • In Apache add this to .htaccess and put the file to server web root: `Addhandler application/x-httpd-php .html .php .myext`. The reason why this is not recommended is the performance. Instead of just passthroughing the .html to the client, this handler causes the server to make use of php engine which slows down unnecessarily accessing plain html files. Of course if you restrict the handler to only one subdirectory then it should be more "recommended". – Timo Kähkönen Sep 30 '15 at 18:35