get incomplete POST data after form submit

Question

i have been working on this problem for hours. I have a form, with a textarea. I use the nicEdit texteditor. It replaces the textarea and shows a nice text editor, because i want my users to add some style to their content.

I use codeIgniter (PHP), and i use the form_helper to create the form. Also i use the form_validation for ss-validation and jquery validation for cs-validation

When i click submit, the form submits seemingly fine. I say this because i use fiddler (an http logger) and i see my text with the right html tags wrapped around it by the text editor.

but when i get the @_pots data in the view, somehow some part of the tags have been removed.

How fiddler traces the HTTP call and the submitted form data (seems correct)

Hello SO, <br><br>
<span style="font-weight: bold;">the following line should be bold</span><br><br>
<span style="font-style: italic;">the following line should be italic</span><br><br>
<span style="text-decoration: underline;">the following line should be underlined</span><br>

How my html looks in my view and in my print_r result from my @_post data

Hello SO,<br><br>
<span bold;"="">the following line should be bold</span><br><br>
<span italic;"="">the following line should be italic</span><br><br>
<span underline;"="">the following line should be underlined</span><br>

It looks like somehow, when i get my data back, it removes the style="font-weight

Does $_post do anything with special characters?!?! has someone experienced similar issues with this? all responses are greatly appreciated.

Answer 1

You need extend the CI_Security class from Codeigniter and comment/remove/modify this line:

/*
if(in_array($_SERVER['REQUEST_URI'],$allowed))
        {
            $evil_attributes = array('on\w*', 'xmlns');
        }
        else
        {
            $evil_attributes = array('on\w*', 'style', 'xmlns');
        }
*/