0

I have the following client-side JavaScript code that works just fine when using the python-Flask dev server, irrespective of what type of content $('#b_comment_selected').text() has. Here is the JS code.

function some_editing() {
    // Sends both values as query-string parameters of a GET request.
    $.getJSON($SCRIPT_ROOT + "/_edit_me",
        {
            content: $('#b_comment_selected').text(),
            label: $('#b_label_selected').text()
        },
        function () {
            // do something
        }
    );
}

It also works when I run it on IIS and $('#b_comment_selected').text() does not contain any HTML tags. But the code does not work when there are HTML tags in $('#b_comment_selected').text(). The error I get in Chrome's console is a 403: Failed to load resource: the server responded with a status of 403 (HTTP/1.1 403 Forbidden)

My questions are: why does it work in the flask dev environment? Why does it not work on IIS? And how to fix it?

If I had to guess, it has to do with characters like < or >, but I can't find a definitive answer to my set of questions.

Sason Torosean
  • 1
    You're probably seeing ASP.Net's request filtering. http://www.hanselman.com/blog/ExperimentsInWackinessAllowingPercentsAnglebracketsAndOtherNaughtyThingsInTheASPNETIISRequestURL.aspx – SLaks Nov 13 '17 at 21:18
  • Thanks for the suggestion, will look into the link. – Sason Torosean Nov 14 '17 at 01:08

1 Answer

0

So the solution was to replace the getJSON method with the ajax method, and this answered my third question, "how to fix it?". And I think the first comment to the accepted answer in "jQuery - .getjson VS .ajax json" answers my first and second questions, in the context of the security in place on IIS, but then again I am not a hundred percent sure.

Sason Torosean
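
Added example (not from the original question or answer): a jQuery-free sketch of where the `content` value ends up in each request form. It assumes the `$.ajax` replacement sends the data as a JSON POST body, which the answer does not state, and that the `/_edit_me` route is changed to accept POST; `asGetJSON`, `asAjaxPost` and `urlCarriesMarkup` are hypothetical helper names.

```javascript
// Added example: models where the two jQuery calls put the `content` value.
// No network access and no jQuery needed; runs in Node or a browser console.

// Constructed sample values standing in for the two .text() results.
const sample = { content: "<b>hello</b> world", label: "note-1" };

// $.getJSON always issues a GET, so jQuery serializes the data object into
// the query string. URLSearchParams approximates that serialization here.
function asGetJSON(url, data) {
  const qs = new URLSearchParams(data).toString();
  return { method: "GET", url: url + "?" + qs, body: null };
}

// Assumed replacement: $.ajax with type "POST" and a JSON body, so the URL
// carries no user-controlled text at all.
function asAjaxPost(url, data) {
  return {
    method: "POST",
    url: url,
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(data),
  };
}

// What a server-side check on the decoded request URL would see
// (hypothetical check, of the kind the comment on the question points to).
function urlCarriesMarkup(request) {
  const decoded = decodeURIComponent(request.url.replace(/\+/g, " "));
  return /<[^>]*>/.test(decoded);
}

const viaGet = asGetJSON("/_edit_me", sample);
const viaPost = asAjaxPost("/_edit_me", sample);
console.log(viaGet.method, viaGet.url, urlCarriesMarkup(viaGet));
console.log(viaPost.method, viaPost.url, urlCarriesMarkup(viaPost));
```

Moving the text into the body only changes where it travels; the server still receives raw markup and has to escape it wherever it is rendered back into a page.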