#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    6
    Rep Power
    0

    [Solved] Functions are disappearing.


    Hi

    I define some Javascript functions in the head section of a webpage served from some php I wrote. I also put that same javascript in a text area field of a form so I can edit it, and save it to as mysql database... After saving, the php serves up a new page with the updated javascript...

    Easy...

    The head scratcher is after returning, its like the javascript isn't defined in the head section... the source code shows the Javascript is there and the text area contains the copy as well. However, the element inspector of Safari, it shows an empty <script></script> section......

    The page has many forms. if i update a form who's text area doesn't contain javascript, it works great...

    Any ideas?

    Thanks

    Kirk
  2. #2
  3. A Not To Shabby Code Smurf
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Aug 2008
    Posts
    1,188
    Rep Power
    184
    Originally Posted by kirkreiten
    The head scratcher is after returning, its like the javascript isn't defined in the head section... the source code shows the Javascript is there and the text area contains the copy as well. However, the element inspector of Safari, it shows an empty <script></script> section......
    - If your JavaScript code (within your <script> tag); shows up in your source code, then it's there. What is the issue; is your code not executing? Could be your not escaping some quotes/double quotes, but that is just an assumption. If you post your code; that would be of some help, with diagnosing your issue.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    6
    Rep Power
    0
    Oh, and the other odd fact -- if i save the html code to a .html file, upload it to the server, the javascript works...

    Safari reports "function is missing" unless i load the page from the .html file or save a form without javascript in the textarea...

    Thx
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    6
    Rep Power
    0
    Hi,

    I made a test page for anyone that wants to see my problem...

    it's blasts.org/Test

    The page has 3 forms: The first posts no data to the server.
    The second posts a javascript to the server.
    The third, you may post what ever you like to the server.

    The server ignores all data... If you edit the javascript and call the function something other than DoThis() or change <SCRIPT... to SCRIPT the page works perfectly.

    If you save the page as a .html, it works perfectly too..

    Any ideas?

    Thanks

    Kirk
  8. #5
  9. A Not To Shabby Code Smurf
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Aug 2008
    Posts
    1,188
    Rep Power
    184
    Originally Posted by kirkreiten
    Hi,

    I made a test page for anyone that wants to see my problem...

    it's blasts.org/Test

    The page has 3 forms: The first posts no data to the server.
    The second posts a javascript to the server.
    The third, you may post what ever you like to the server.

    The server ignores all data... If you edit the javascript and call the function something other than DoThis() or change <SCRIPT... to SCRIPT the page works perfectly.

    If you save the page as a .html, it works perfectly too..

    Any ideas?

    Thanks

    Kirk
    Here's your error(s); once form is submitted:

    * The XSS Auditor refused to execute a script in 'https://blasts.org/Test/index.php' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header. - index.php - line 11
    * Uncaught ReferenceError: DoThis is not defined. - index.php - line 13
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    6
    Rep Power
    0
    Thanks for the reply...

    I added:

    header("X-Webkit-CSP: default-src 'self' *.blasts.org;");

    to my php and inline scripts died...

    Suggestions?


    Kirk
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    6
    Rep Power
    0
    header("X-Webkit-CSP: default-src 'self' 'unsafe-inline' *.blasts.org;");

    Makes the page act like my first post... What am I missing?

    Thx

    Kirk
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    6
    Rep Power
    0
    Resolved....

    X-XSS-Protection: 0;

    Thanks for the help

    Kirk.

IMN logo majestic logo threadwatch logo seochat tools logo