My situation: I need to send text to an ASP.NET web service using POST. The entire page there is a form:
<form name="aspnetForm" method="post" action="Discussion.aspx?classroom=lG39il1cotOAGJwiNvmQlIPfwmjikD%2fAHLhjjGInAZQ%3d&Page=Posts&ID=794239&Sort=&SortOrder=" id="aspnetForm">
So, I figured if I sent a POST request to this form with the correct inputs it would work. And, to an extent, it has. The form inputs are as follows:
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDw..." />
<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWYQLrt..." />
And a bunch of other inputs. The code I have used is as follows:
// grab form info
$inputs = extract_form_inputs($discussion['body']);
$inputs['__EVENTTARGET'] = 'ctl00$cphMain$ctl01$btnSubmit';
$inputs['ctl00$cphMain$ctl01$tbNickname'] = "Your Instructor";
$inputs['ctl00$cphMain$ctl01$reMessage'] = $message;
// submit form
$r = request_send($discussion['url'], $inputs);
extract_form_inputs does exactly that. $discussion['body'] is the content of the page. $discussion['url'] is the URL of the page. request_send has two arguments: ($url, $post_array). It performs rawurlencode on each element of the array and joins them up as keypairs, in the same way as http_build_query.
The request is url encoded properly, sent to the correct page, and works fine until I insert html tags. I have checked - the 'greater than' and 'less than' symbols ('<' and '>') are url-encoded properly. However, the server responds with a 500 error. It accepts any other text.
Has anyone else come across this sort of problem?
Is there some setting on an ASP.NET server that denies html? I can't see this being the case - there is a rich text editor on the website that I am sending requests to. This text editor performs the same request as I am, only I am doing it remotely. The rich text editor sends html to the form - I have checked that, too, using javascript.
Note: I do not have the power to modify the ASP.NET server.