0

Why is input text cut off on form submission if the input string has a `<` sign followed by some text without a space, e.g. `<abc`? But it works fine when there is a space after `<`, e.g. `< abc`.

HTML

```html
<form name="testform" method="post">
        <input type="text" name="title" />
        <input type="submit" value="Submit"/>
</form>
```

If you provide the input value `This is a sample <string` and submit, the value received via POST is `This is a sample`. However, when you submit `This is a sample < string` (notice the space after `<`), it's received correctly.

Server-side (PHP)

```php
<?php
if(isset($_POST['title'])) {
        echo '<pre>';
        print_r($_POST); // outputs "This is a sample " instead of "This is a sample <string" 
}
?>
```

What's the reason for this?

yetanotherse
  • It won't be. The problem is that the server side code you haven't shared with us is outputting it as HTML and `<` has special meaning in HTML. – Quentin Mar 07 '16 at 11:33
  • http://stackoverflow.com/questions/1996122/how-to-prevent-xss-with-html-php is probably a duplicate but the question fails to so much as specify the server side language involved. – Quentin Mar 07 '16 at 11:34
  • Yup, duplicate of [this question](http://stackoverflow.com/questions/1996122/how-to-prevent-xss-with-html-php). – Quentin Mar 07 '16 at 12:01

1 Answer

0

The reason would be that the < symbol is a special character. Presumably in your post you'll be stripping out anything potentially harmful, possibly htmlentities, and your validation could be seeing it as a potential threat, so it removes the tag from the string.

Hazonko
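
The behaviour described in Quentin's comments on the question, as an added example that is not part of the original question or answer: the POST value reaches PHP intact, and only the unencoded HTML output makes it look cut off. The function names `render_raw` and `render_escaped` and the sample arrays are constructed for this illustration.

```php
<?php
// Added example, not code from the original post. Inputs below are constructed.

// Output as in the question: the value goes into the HTML response unencoded.
function render_raw(array $post): string
{
    return '<pre>' . print_r($post, true) . '</pre>';
}

// Same output, encoded for an HTML text context before it is sent.
function render_escaped(array $post): string
{
    $dump = print_r($post, true);
    return '<pre>' . htmlspecialchars($dump, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
}

// Constructed stand-ins for $_POST after submitting the form in the question.
$samples = [
    ['title' => 'This is a sample <string'],   // "<" followed by a letter
    ['title' => 'This is a sample < string'],  // "<" followed by a space
];

foreach ($samples as $post) {
    // The server holds the full value in both cases.
    printf("received (%d bytes): %s\n", strlen($post['title']), $post['title']);

    // Raw: a browser reads "<s..." as the start of a tag, so the text from
    // there on is not displayed; "< " is not a tag start and shows as text.
    echo "raw:     ", render_raw($post), "\n";

    // Escaped: "<" becomes "&lt;", which a browser displays as a literal "<".
    echo "escaped: ", render_escaped($post), "\n\n";
}
```

Run it with the PHP CLI to see the markup literally; viewing the page source in the browser for the original script shows the same untruncated value.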