
Laravel Post html but as raw text

I'm using TinyMCE and a normal input.

I tried a normal POST and a GET with the URL, and AJAX.

<div class="modal fade" id="addpromotion" data-bs-backdrop="static" data-bs-keyboard="false" tabindex="-1" aria-labelledby="addpromotionLabel" aria-hidden="true">
  <div class="modal-dialog modal-lg">
    <div class="modal-content">
      <form action="{{ route('admin.blog.create') }}" id="addpromotionform" method="post" enctype="multipart/form-data">
        @csrf
        <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
        <div class="modal-header">
          <h1 class="modal-title fs-5" id="addpromotionLabel">เพิ่มโปรโมชั่น</h1>
          {{-- <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button> --}}
        </div>
        <div class="modal-body">
          <div class="mb-3 mx-5">
            <input type="file" class="form-control" name="image" style="border-radius: 15px;">
          </div>
          <div class="mb-3 mx-5">
            <input type="text" name="title" class="form-control" placeholder="Title" style="border-radius: 15px;">
          </div>
          <div class="mb-3 mx-5">
            <input type="text" name="description" class="form-control" placeholder="Description" style="border-radius: 15px;">
          </div>
          <div class="mb-3 mx-5">
            <textarea id="tinymcecreate" class="tinymce" name="body"></textarea>
          </div>
          <input type="hidden" name="type" value="promotion">
        </div>
        <div class="modal-footer">
          <button type="submit" class="btn btn-danger">บันทึก</button>
          <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">ปิด</button>
        </div>
      </form>
    </div>
  </div>
</div>

body=%3Cp%3E%3Cstrong%3Ecustom%3C%2Fstrong%3E%3C%2Fp%3E

When I console.log (data before post):

_token=bNPyuZroL8QIJN3beZJyFYaVELWIyNb9kpvX48Zn&csrf_token=bNPyuZroL8QIJN3beZJyFYaVELWIyNb9kpvX48Zn&title=qwqgqw&description=qgqg&body=%3Cp%3E%3Cstrong%3Ecustom%3C%2Fstrong%3E%3C%2Fp%3E&type=promotion

$('#addpromotionform').on('submit', function(ed) {
  tinymce.triggerSave();
  ed.preventDefault();
  var TinyAjaxPost = $('#addpromotionform').serialize(); 
  var formData = new FormData(this);
           
  console.log(TinyAjaxPost);
  $.ajax({
    type: "post",
    url:'{{URL::to("/admin/blog/create")}}',
    data: formData,
    cache:false,
    dataType: 'html',
    contentType: false,
    processData: false,
    success: function(data) {
      console.log('success'+Object.values(data.message));
    },
    error: function(error) {
      console.log('error'+error);
    }
  });
});

But when I post to the controller and check with dd($request), the body doesn't have the HTML tags, only the raw text … custom

public function admin_blog_create(Request $request)
{
    $file_name = time() . '.' . request()->image->getClientOriginalExtension();
    $request->image->move(public_path('image/tinymce'), $file_name);
        
    $tiny = [
        'image' => $file_name,
        'title' => $request->title,
        'description' => $request->description,
        'body' => $request->body,
        'type' => 'blog',
    ];
    blog::create($tiny);

    return response()->json(['status'=>true, 'message' => $request->body]);
         
    /* return redirect()->back(); */
}

And I tried to use GET with the URL; when I check the data with dd($request) it has only the raw text custom.

Tools

  • Laravel 9
  • TinyMCE 6

How do I POST or GET the full HTML to the database?

2 Answers


  1. Chosen as BEST ANSWER

    XSS protection is the problem.

    I tried to disable XSS in the controller

    $this->middleware('XSS');
    

    Now I can post (request) HTML data to the database.
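
The symptom in this thread (tags gone, text kept) is what a filter that runs `strip_tags()` over every input produces. As an added example that is not part of either answer, the sketch below keeps that stripping for plain fields and passes only `body` through a tag and attribute allow-list, instead of switching the filter off. Assumptions: the page does not show the `XSS` middleware, so the `strip_tags()` behaviour is assumed; the function names, `RICH_FIELDS` and `ALLOWED_TAGS` are hypothetical.

```php
<?php
// Added example, not from the thread. Field names mirror the form above; the rest is assumed.
const RICH_FIELDS  = ['body'];   // inputs allowed to carry HTML (the TinyMCE textarea)
const ALLOWED_TAGS = ['p', 'br', 'strong', 'em', 'ul', 'ol', 'li', 'a'];

function sanitize_rich_html(string $html): string
{
    libxml_use_internal_errors(true);   // malformed fragments should not emit warnings
    $doc = new DOMDocument();
    // Wrap the fragment in a known <div> so only its children are serialised back.
    $doc->loadHTML('<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '<div>' . $html . '</div>', LIBXML_NONET);
    $root  = $doc->getElementsByTagName('div')->item(0);
    $nodes = (new DOMXPath($doc))->query('.//* | .//comment()', $root);
    // Snapshot the node list first: the tree is edited during the walk.
    foreach (iterator_to_array($nodes) as $node) {
        $tag = strtolower($node->nodeName);
        if ($node instanceof DOMComment || in_array($tag, ['script', 'style'], true)) {
            $node->parentNode->removeChild($node);       // drop together with contents
        } elseif (!in_array($tag, ALLOWED_TAGS, true)) {
            while ($node->firstChild) {                  // unwrap: keep children, lose the tag
                $node->parentNode->insertBefore($node->firstChild, $node);
            }
            $node->parentNode->removeChild($node);
        } else {
            // Allowed tag: remove every attribute except an absolute http(s) href on <a>.
            foreach (iterator_to_array($node->attributes) as $attr) {
                $ok = $tag === 'a' && $attr->nodeName === 'href'
                    && preg_match('#^https?://#i', $attr->value);
                if (!$ok) { $node->removeAttribute($attr->nodeName); }
            }
        }
    }
    return implode('', array_map(fn ($n) => $doc->saveHTML($n), iterator_to_array($root->childNodes)));
}

function filter_request_input(array $input): array
{
    foreach ($input as $key => $value) {
        if (is_string($value)) {
            $input[$key] = in_array($key, RICH_FIELDS, true)
                ? sanitize_rich_html($value)   // rich field: allow-list
                : strip_tags($value);          // plain field: no markup at all
        }
    }
    return $input;
}

// Constructed sample request, modelled on the serialized form data in the question.
print_r(filter_request_input([
    'title' => 'qwqgqw<script>alert(1)</script>',
    'body'  => '<p onclick="x()"><strong>custom</strong></p><iframe src="//example.test"></iframe>',
]));
```

In a Laravel middleware the same call would sit in `handle()`, with the result written back through `$request->merge(...)` before `$next($request)`.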



  2. Type this code if you are experiencing error 419

    // Ajax CSRF Setup Code
    $.ajaxSetup({
        headers: {
           'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
        }
    });
    

    The correct way to send, in addition to viewing the data in the console

    $('#addpromotionform').on('submit', function(ed) {
        ed.preventDefault();
        //console log data
        var TinyAjaxPost = $('#addpromotionform').serialize();            
        var copy = $("#addpromotionform iframe").contents().find('#tinymce').clone();
        copy = $(copy).html();
        console.log(TinyAjaxPost,copy);
    
        $.ajax({
            type: "post",
            url:'{{URL::to("/admin/blog/create")}}',
            data: new FormData(this),
            dataType: 'JSON',
            contentType: false,
            cache: false,
            processData: false,
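            success: function(data) {
              // data is the parsed JSON response; message holds the body string returned by the controller
              console.log('success', data.message);
            },
            error: function(error) {
              // pass the object as its own argument so it is not printed as [object Object]
              console.log('error', error);
            }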
        });
    });
    