I want to pass form data from my website to a website not owned by me.

Question

I want to create a donation form on my website that forwards donors to the PayPal donation page at wikileaks.org. Wikileaks allows donations targeted for specific causes that Wikileaks supports. My website is fundraising for one of these causes.

My form won't pass any secure information like credit card #s, etc. I want it to send only the amount my visitors wish to donate, and the name of my charitable cause.

Here is some sample code: donate.htm

<html><head></head>
<body>
How much would you like to donate?
<form action="receive.php" method="get">
<label for="25">25</label>
<input name="amount" type="radio" value="25"></input>
<label for="50">50</label>
<input name="amount" type="radio" value="50"></input>
<input type="submit" value="Send" />
</form>
</body>
</html>

And here : receive.php

<html><head></head>
<body>
<form>
<input type="text" value="<?php echo $_GET['amount'] ?>"/>
</form>
</body>
</html>

This works because I own both pages. I don't own the wikileaks page, which may or may not run on PHP. My goal is to post "Hello Wikileaks" to the 'custom' form field below which is located at http://www.wikileaks.org/wiki/Special:Support#go_pp I should be able to figure out the rest if I can accomplish this.

<label>Message with your donation</label>
    <input class='text' name='custom' type='text' value='' />

Answer 1

This is most likely not possible, as there would have to be PHP (or other) code actively adding the value from the GET parameter inside the target page. Doing that in a PayPal payment form would not be very security conscious.

There is no Javascript workaround either, because you can't access the DOM of a page on another server from within your page (Single Origin Policy).

You will have to talk to Wikileaks and ask them whether there is any way to add the message.

Answer 2

As the form on wikileaks directly posts its data to PayPal I think your chances of success are limited. The wikileaks page does no processing of form data. Neither can you access the wikileaks form via Javascript from your page due to security restrictions.

You could however directly post to PayPal, thus copying the form from Wikileaks directly to your page and forwarding the user to PayPal.

Answer 3

If you don't mind submitting the form straight to Paypal on Wikileak's behalf, just copy the form's HTML from that page, including action='https://www.paypal.com/cgi-bin/webscr'.

Answer 4

You cannot, under no circumstances, decide with which data a field on a foreign website will be pre-filled. That's entirely up to the author of the foreign website.

What about another way:

The WikiLeaks PayPal donation form has its form action set to PayPal (which is how PayPal donations work), which means that no form data is posted to WikiLeaks itself.

If you want to offer your visitors a possibility to donate to WikiLeaks via PayPal, why don't you simply include the WikiLeaks donation form in your own website? Change the custom form field type from text to hidden and enter your charitable cause statically.

In either case, the visitor will be redirected to PayPal to authorize the payment.