2

Is it possible to send html code via a url and display the parameter containing the html code as HTML where the parameter is received?

I.E. <a href='./displayHtml.php?description=<strong>Title</strong><table>...</table>'>Send Html</a>

2 Answers

3

There is nothing (by default — XSS filters might not like it) stopping you including characters that have special meaning inside a URL. However:

  • You can't make a POST request with a link, the data will appear (in PHP) in $_GET
  • You should urlencode data before putting it in a URL
  • You should HTML encode data before putting it in HTML

Such as:

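<?php
    // urlencode() makes the value safe inside the query string;
    // htmlspecialchars() makes the result safe inside the href attribute.
    $description = htmlspecialchars(
        urlencode(
            "<strong>Title</strong>etc etc"
        )
    );
?>
<a href="./displayHtml.php?description=<?=$description?>">Send Html</a>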

Make sure you implement suitable defences against XSS attacks before injecting user input (e.g. anything you read from $_GET) into HTML documents though.


1

Well - you could do this - but it will be very very dangerous

displayHtml.php

<?php
    // Echoes the query string with no escaping (the dangerous version)
    echo $_SERVER["QUERY_STRING"];

As @Quentin pointed out - there are all sorts of XSS/security issues.

edit: this might be slightly more secure:

<?php
    echo htmlentities($_SERVER["QUERY_STRING"]);
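
An added example, not part of either answer: a hypothetical displayHtml.php that parses the `description` parameter and re-emits only an allowlist of tags with every attribute dropped, escaping all remaining text. The allowlist, the function names and the sample input are assumptions made for illustration.

```php
<?php
// Added example: hypothetical displayHtml.php. Names and allowlist are assumptions.
declare(strict_types=1);

const ALLOWED_TAGS = ['strong', 'em', 'p', 'br', 'table', 'tr', 'th', 'td'];
const DROPPED_WITH_CONTENT = ['script', 'style'];

// Re-serialise a parsed node: text is escaped, allowlisted tags are rebuilt
// without attributes, every other tag is dropped but its children are kept.
function renderNode(DOMNode $node): string
{
    if ($node instanceof DOMText) {
        return htmlspecialchars($node->data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    if (!$node instanceof DOMElement) {
        return ''; // comments, processing instructions
    }
    $tag = strtolower($node->nodeName);
    if (in_array($tag, DROPPED_WITH_CONTENT, true)) {
        return ''; // discard the element together with its contents
    }
    $inner = '';
    foreach ($node->childNodes as $child) {
        $inner .= renderNode($child);
    }
    if (!in_array($tag, ALLOWED_TAGS, true)) {
        return $inner;
    }
    return $tag === 'br' ? '<br>' : "<$tag>$inner</$tag>";
}

function sanitizeDescription(string $html): string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // tolerate sloppy markup quietly
    // The XML declaration makes libxml read the input as UTF-8; without the
    // wrapper <div>, libxml may wrap bare text in an implied <p>.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $doc->documentElement === null ? '' : renderNode($doc->documentElement);
}

// Constructed sample, used when run as: php displayHtml.php
$sample = '<strong onmouseover="alert(1)">Title</strong><script>alert(2)</script>'
        . '<table><tr><td>a &lt; b</td></tr></table>';
$input = PHP_SAPI === 'cli' ? $sample : ($_GET['description'] ?? '');
echo sanitizeDescription(is_string($input) ? $input : ''), "\n";
```

`strip_tags()` with a list of allowed tags is not a substitute here, because it leaves attributes such as event handlers on the tags it keeps.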
