// you’re reading...

JavaScript

Solution to Form Submit 403 Error

Have you ever had a problem where you get a HTTP 403 error from submitting a form?
Does this form have a field that submits a URL?

If yes to the above two questions, I think I know the problem you're having, and have a solution. It's to do with mod_security (an Apache module) and the 'http://' part of the URL.

The obvious answer is to tell you to go and modify the module yourself, but many of you don't have access to those kind of modifications due to hosting company restrictions. My simple solution uses JavaScript to remove the 'http://' part from the URL.

Let's start by saying you have a form that looks something like the following:

<form id="SendDataForm" name="SendDataForm" method="post" action="page.php">
        <label for="FullName">Full Name:</label>
        <input type="text" name="FullName" id="FullName" />
        <br />
        <label for="EmailAddress">Email Address:</label>
        <input type="text" name="EmailAddress" id="EmailAddress" />
        <br />
        <label for="WebsiteAddress">Website Address:</label>
        <input type="text" name="WebsiteAddress" id="WebsiteAddress" />
        <br />
        <label for="SendForm">&nbsp;</label>
        <input type="submit" name="SendForm" id="SendForm" value="Submit" />
</form>

Add the following between the tags (or within a JavaScript include):

function trim(str, chars) {
        return ltrim(rtrim(str, chars), chars);
}

function ltrim(str, chars) {
        chars = chars || "\\s";
        return str.replace(new RegExp("^[" + chars + "]+", "g"), "");
}

function rtrim(str, chars) {
        chars = chars || "\\s";
        return str.replace(new RegExp("[" + chars + "]+$", "g"), "");
}

function MakeLinkSafe(){
        var e = document.getElementById('WebsiteAddress')
        str = trim(e.value);
        if(str.substr(0, 7) == 'http://'){
                e.value = str.substr(7);
        }
        return true;
}

Then, on your form submit button, add the following:

onclick="MakeLinkSafe()"

So that your submit button now looks like:

<input type="submit" name="SendForm" id="SendForm" value="Submit" onclick="MakeLinkSafe()" />

Now, when you click the submit button, it'll invoke the JavaScript, which will remove the http:// part (if it exists). You can then modify your 'action page' code to catch this element and re-add the http:// part if needs be.

Just remember to update the

document.getElementById('WebsiteAddress')

to reflect the ID of the element that collects the URL on your form.

Discussion

2 comments for “Solution to Form Submit 403 Error”

  1. […] error (when using a URL as some data to submit). Why not use this technique too? I found it at: Solution to Form Submit 403 Error | edrackham It works for me no problems […]

    Posted by 403 Error on Form Submit - UK Web Hosting | Dedicated Server Windows and Linux VPS Forum | February 12, 2009, 1:47 am
  2. Thanks for the tip… It was driving me up the wall……

    Posted by Paul | September 2, 2009, 11:30 pm

Post a comment