I have been searching on internet, but suprisingly not even single answer or single query has been raised by anyone, am I the only one facing this issue. May be because when we say URL in form google gives all the results related 'attribute' of form. But here I am not talking about action URL at all. so i will start with html code.
<form action="/something_that_does_not_matter" method=post>
<input name="profile" type="text" placeholder="Enter name"/>
<input name="link" type="text" placeholder"="Enter URL"/>
</form>
This form works fine if user submits some strings in both inputs. When it becomes issue? When you enter any url in link field. because that is what is supposed to do. Please do not ask me to tell script here, because I am 100% sure theres no issue on server side, as i have even tried with simplest php like
<?php echo $_POST["link"]; ?>
It happens on certifiedhosting server only, on my local it works fine, little bit guessing and research gave me this one reason, that apache has this security protocol which if enabled wont let you, submit something harmful. And it is blocking my any url, even if is submit "http://hey" it gets blocked so issue is not with url also.
My Hosting provider is ready to disable that rule for me, but then it would be my own risk. so I dont want that obviously.
So now my question is why is security there, and if it is really threat, how do someone who really wants genuinely to do it will do it?
For pure html form submission i cannot find solution at all. But for ajax based request i have found some solutions. First i tried to encode/decode which wont work, as server first tries to find that encoded subsrtring which has http:// in it. So no use
Another solution is to submit ht$$p:// and then fix it in my php script. but its all workaround, and forces me to use Ajax based. what if just want to do it in HTML form, my application wont have JavaScript on it.
Anyone?
