I'm new to Javascript and PHP, and I'm currently going through the following tutorial.
http://www.html-form-guide.com/php-form/php-form-tutorial.html
Unfortunately, when I click submit, the myform.php file is being downloaded instead of being run. Is there something I'm missing?
<?php
if($_POST['formSubmit'] == "Submit")
{
$varMovie = $_POST['formMovie'];
$varName = $_POST['formName'];
}
?>
HTML code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>Example</title>
</head>
<body id="main">
<section id='ex'>
<form action="myform.php" method="post">
Which is your favorite movie?
<input type="text" name="formMovie" maxlength="50" value="<?=$varMovie;?>">
What is your name?
<input type="text" name="formName" maxlength="50" value="<?=$varName;?>">
<input type="submit" name="formSubmit" value="Submit">
</form>
</section>
test.php
?php
phpinfo();
?>
You need to run it in an HTTP server with PHP. I suggest WAMP for Windows sytems and MAMP for Mac OSX systems. For Linux search around for LAMP tutorials.
It could also be that your server is not configured to serve PHP files correctly.
Related
I am trying to learn about XSS vulnerabilities and am having some issue grasping the concept. I have a test site http://mytestpage/index.html and am trying to launch an alert box via xss from a secondary page http://xsstest.html. I can not seem to get the alert to occur. I think my issue is that the code from my xsstest page is not injecting into my mytestpage/index.html page. I am trying to use innerhtml as the posts I read seemed to leverage this in XSS testing. I am fairly certain that I am not using the innerhtml correctly or pehaps it is not the right "tool for the job" and i am running down the wrong path. Any suggestions would be appreciated.
My code for the XSS test is as follows:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<title>XSS TEST PAGE</title>
</head>
<body>
<body onload="document.forms[0].submit()">
<form method="POST" id="test" onsubmit="test()" action="http://mytestpage/index.html" >
</form>
</body>
<script>
function test(){
alert("Hiya buddy!");
}
document.getElementById().innerHTML = test();
</script>
</html>
The test homepage code is as follows:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<title>My Test Home Page</title>
</head>
<body>
<form method="post">
<label>Enter Your Name:</label>
<input type="text" name="myname">
<button class="btn" type="submit" name="action" value="submit">Submit</button>
</form>
</body>
</html>
This right here is no bueno:
<script>
function test( ){
alert("Hiya buddy!");
}
document.getElementById().innerHTML = test();
</script>
document.getElementById() requires you pass it the ID of an element. So, for example, if there's a div on the page with the ID of #alert, you'd do document.getElementById('alert').
You also can't assign a function to the inner HTML of an element. You need to create a script element and then append it to the document or another element. Instead, try:
<script>
let myTest = document.createElement('script')
myTest.text = `
function test() {
alert('Hiya buddy!')
};
test();
`
const body = document.querySelector('body')
body.appendChild(myTest)
</script>
You are not doing XSS. You are simply displaying alert upon form submission. That too has error that document.getElementById() requires a id to select the element.
XSS is done where you have some input to enter. SO you cannot do XSS in XSStest page but you can do it from test home page code by changing it as
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<title>My Test Home Page</title>
</head>
<body>
<form method="post" action="some page url">
<label>Enter Your Name:</label>
<input type="text" name="myname">
<button class="btn" type="submit" name="action" value="submit">Submit</button>
</form>
</body>
And Suppose the page whose url you have given in action attribute is like
<!DOCTYPE html>
<HTML>
<body>
Name is: <%=request.getParameter("myname")%>
</body>
</HTML>
I have assumed you are using jsp here.
Now when you enter XSS payload in inputbox in this page and submit it the page whose url you have given will open up and display the alert as you have not sanitized the input value before using it in second page.
I tried required attribute of input tag in HTML. When user inputs empty value, browser should pop up a warning Please fills out this field.
It works fine in Chrome browser, but when I use Firefox (version 53.0), the pop up seems like immediately disappear. Here is my test code:
<!DOCTYPE html>
<html>
<head>
<title>Testing</title>
</head>
<body>
<form>
<input type="text" required />
<button type="submit">Submit</button>
</form>
</body>
</html>
Do you know how to fix it? And if can't be fix, can you explain why Firefox doing it?
Update 1: It works on Firefox on Windows. But it still doesn't work on Firefox on Ubuntu (16.04).
I have your code work successfully in Firefox (53.0.2) but could you please try this:
<!DOCTYPE html>
<html>
<head>
<title>Testing</title>
</head>
<body>
<form>
<input type="text" name="somename" required>
<button type="submit">Submit</button>
</form>
</body>
</html>
I made two changes:
In HTML, the tag has no end tag but in XHTML.
Add name attribute because of some possible dependencies.
I want to pass values between 2 HTML pages using POST method. I have lot of data to be passed to 2nd page and cannot use GET. My issue is I do no know how to pass values to second HTML page and how do i display user name on page 2. please explain!!!
Here page1.html code:
<html>
<head>
<title>Form</title>
</head>
<body>
<h4>Enter your name</h4>
<form name="form1" method="post" action="page2.html">
<input type="text" name="username">
<input type="submit" onclick="submitForm()">
</form>
<script type="text/javascript">
function submitForm()
{
form1.submit();
}
</script>
</body>
</html>
Here page2.html code:
<html>
<head>
</head>
<body>
....... dont know how to display username entered on page1.html here...
</body>
</html>
Try this
<html>
<head>
</head>
<body>
<?php
if(isset($_POST["username"]))
{
echo $_POST["username"];
}
?>
</body>
</html>
And if you want to do this with javascript then readout about AJAX
ajax Tutorial
Here is my simple html file, I ran on firefox 47; the autocomplete attribute does not have any effect.
I'm expecting press "down" arrow will show my history. However, it does not work. Why?
Note1: I've checked Firefox | Options | Privacy | Firefox will: Remember History; I've also disabled all add-ins and restarted Firefox; still not work.
Note2: these code are just running on client browser, I don't need a form to submit to server. All I need is to click the button, then retrieve the text from input and do something in JavaScript.
<!DOCTYPE html>
<html>
<head>
<meta content="text/html;charset=utf-8" http-equiv="Content-Type">
<meta content="utf-8" http-equiv="encoding">
<script type="text/javascript">
function runCommand(command_str) {
};
</script>
</head>
<body>
<input id="command_text" type="text" autocomplete="on" size="80" >
<button onclick="runCommand(document.getElementById('command_text').value)">Run Command</button>
</body>
</html>
This happens because you have not wrapped your inputs in a form.
Please wrap it in a form like below and autocomplete attribute to the form too. Also name your parameter.
<form autocomplete="on">
<input id="command_text" type="text" autocomplete="on" name="command_text" size="80" >
<button onclick="runCommand(document.getElementById('command_text').value)">Run Command</button>
</form>
I need to save a webpage to the filesystem using the Save Webpage function while keeping changes done with javascript. I have an input field where you can type in your name and save it, which is then displayed on the website. If i use Save As... in firefox my changes are saved in the resulting html file. When i use IE11 i get the original source code without my user input.
Example:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Test Page</title>
<script>
function saveUser(form) {
var form = document.getElementById('saveUserForm');
form.previousElementSibling.innerHTML = form.previousElementSibling.innerHTML + "<br />Created by: " + form.name.value;
form.parentNode.removeChild(form);
}
</script>
</head>
<body>
<div>
<h1>Test Page</h1>
<p>Created at: Today
<form class="userForm" id="saveUserForm" action="" method="get">
<label for="name">Created by: </label>
<input id="name" name="name">
<input type="button" name="button" value="Save" onclick="saveUser(this.form)" />
</form>
</p>
</div>
</body>
</html>
Can anybody make any suggestions on how to keep dynamic changes when saving a web page in IE11?