Home/ Questions/Q 9046035
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T11:32:02+00:00

I’m trying send an HTML string from the client to the server via ajax.

  • 0

I’m trying send an HTML string from the client to the server via ajax. I keep getting “disallowed key characters” error. So I took this $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'; and set it to nothing $config['permitted_uri_chars'] = ''; Since CodeIgniter says Leave blank to allow all characters -- but only if you are insane. But I still get Disallowed Key Characters error.

This is how I’m trying to send it:

var content = '<p class="MsoNormal">Hi {$first_name}</p>\n<p class="MsoNormal">My name is Bill, etc etc.</p>';

$.get('/task/preview_template', {content:content}, function(data) {
    console.log(data); //Disallowed Key Characters
});
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    _clean_input_keys is your likely culprit for what’s throwing the error, and you have a large number of characters that fall outside of the allowed characters of "/^[a-z0-9:_\/-]+$/i".

    There are a few ways that I can think of that might handle this:

    1. Modify _clean_input_keys so that it accepts the extra characters. This, of course, is an internal function for a reason and shouldn’t be changed unless you know what you’re doing. (Alternatively, you may be able to modify it to allow the special characters for HTML encoding and HTML encode the string. This helps mitigate the compromise to security that comes with adding such characters to _clean_input_keys.)

    2. Encode your string before sending it, then decode it on the server side. This is a little more work on both your part, and that of the computers involved, but it keeps _clean_input_keys intact, and should allow you to send your string up, if you can find an encoding that is reliable in both directions and doesn’t produce any disallowed characters. Since you’re using GET, you may also run into GET input limits on not only the server, but browser-side, as well.

    3. Use POST instead of GET and send your content as a data object. Then just use the $_POST variable on the server, instead of $_GET. While this may work, it is a bit unorthodox and nonstandard usage of the REST verbs.

    4. Store your template content on the server, and reference it by name, instead of storing it in the JavaScript. This, of course, only works if you’re not generating your template content on the fly in the JavaScript. If you’re using the same template(s) in all of your JavaScript calls, though, then there’s really no reason to send that information from JavaScript to begin with.

    • 0