I have a page that is to be validated by w3c. In the developer menu, I have a validation link that looks something like this:
<form action="http://validator.w3.org/check" method="post" style="display:inline">
<textarea name="fragment" cols='0' rows='0' style="display:none;">{$page_content}</textarea>
<a href="#" onclick="$(this).closest('form').submit()" title="Validate the XHTML of this page.">XHTML</a>
</form>
$page_content is a string that contains the source code of the page. When I stored the source code, I use htmlspecialchars to encode the special characters. This validation link works fine on Chrome and FireFox, but on the Internet Explore, when I hit the submit link, the browser stops with an error message saying that it has modified the page to help prevent cross-site scripting.
Is there another way to go around this problem? You can give w3c the URI of the page to be validated, but a user has to be logged in with an id in order to see the page I'm trying to validate. I appreciate all inputs in advance. Thank you :)
Edit: My ultimate goal is to have a link that will submit my page's source code to w3c's XHTML validator.
This is due to Cross-site Scripting (XSS) Filter enabled in the browser.
This can be solved by disbaling xss filter.
Check here on how to disable it
The only way around it without modifying browser settings is to set up a proxy script on your server that will forward data to http://validator.w3.org/check using libcurl and print the result. This way all cross-site traffic is moved to the server side where there are no such restrictions.
There are other options, such as setting up your own local copy of the validator. See the validator documentation for more details.
You can disable IE's XSS filter on a per-page basis by sending the following HTTP header.
X-XSS-Protection: 0