0

So I am using the json_encode function to strip out any malicious script being entered but is there a way I can make an exception as I have a fair amount of data I am copying from word docs and PDF's which have the '-' & ':' characters and if I include those as soon the browser reads one of those characters it stops rendering the string at that point?

My app is set to use UTF8 both in the meta tag and also inside of my config file but also tried including JSON_UNESCAPED_UNICODE but to no avail...

Here is an example of my full script:

    <script> 
    var iframe = document.getElementById('editor'), 
    iframedoc = iframe.contentDocument || iframe.contentWindow.document; 
    iframedoc.body.innerHTML = <?php echo json_encode($row[3]); ?>; 
    </script>
Improve this question
22
  • 1
    and what about " <?php echo json_encode($row[3]); ?>"? Commented Jul 4, 2015 at 19:25
  • Huh? Where am I adding this? Commented Jul 4, 2015 at 19:25
  • @phpcoder it's just not good practice. You should create a hidden input with the information OR do an XMLHTTPrequest and have a controller get the information. Commented Jul 4, 2015 at 19:27
  • The hidden input is a textarea Commented Jul 4, 2015 at 19:28
  • 1
    @phpcoder He meant the <input type="hidden">. Commented Jul 4, 2015 at 19:30
Related questions
29
PHP's json_encode does not escape all JSON control characters
0
PHP Json_Encode strange characters?
2
prevent json_encode adding escape characters
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.