-1

I'm making a project for my school.

It's a page-source viewer, but I've ran in to a problem..

Using google chrome, I get this error: Uncaught SyntaxError: Unexpected token : main.php:10

HTML:

<html>
 <head>
 <title>Codeview - See how your code turns out!</title>
 <link rel="stylesheet" type="text/css" href="style.css">
 <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
 </head>
 <body>
 <script>
 var url = <?php echo "$url"; ?>
 var oReq = new XMLHttpRequest();
 oReq.open("GET", url, true);
 console.log(oReq.response);
 </script>
 <div id="header">
 <h2>Codeview</h2>
 </div>
 <div id="main">
 <br>
 <h3>Code of <?php echo $url;?>:</h3>
 <hr>
 <div id="code">
 </div>
 <iframe id="Code" class="code"></iframe>
 </div>
 </body>
</html>

PHP:

<?php
function contains($needle, $haystack)
{
 return strpos($haystack, $needle) !== true;
}
$url = $_POST['url'];
if (strpos($url, "http://") !== false) {
$url = $url;
} else {
$url = "http://" . $url;
}
?>

I cant find a colon (:) anywhere on line 10 in my code..

What am I doing wrong?

asked Nov 4, 2013 at 15:41
5
  • 2
    You have a JavaScript error. Show us the client side code, not the server side code that generates it. Commented Nov 4, 2013 at 15:43
  • 2
    My guess would be that you're missing quotes around the url you're echoing, ending up with var url = http: ...; that's where your unexpected : comes from. Commented Nov 4, 2013 at 15:46
  • 1
    You need to look at the source of the page. The code that's rendered by PHP. Commented Nov 4, 2013 at 15:47
  • Why are you using native JavaScript's XMLHttpRequest when using jQuery? Commented Nov 4, 2013 at 15:54
  • So far you have 5 valid answers and another answer in the comments. You need to accept this. Commented Nov 4, 2013 at 16:19

6 Answers 6

9

This: var url = <?php echo "$url"; ?>

Will output something like:

var url = http://example.com

Strings in JavaScript need to be quoted. You are also vulnerable to XSS attacks.

Use json_encode to convert a PHP string to a JavaScript string.

It is also good practise not to depend on semi-colon insertion. 

var url = <?php echo json_encode("$url"); ?>;
answered Nov 4, 2013 at 15:44
Sign up to request clarification or add additional context in comments.

Comments

2

You need quotes around strings in JavaScript.

var url = <?php echo "$url"; ?>

This renders as:

var url = http://google.com

That's a syntax error! Try this:

var url = <?php echo json_encode($url); ?>;

That will add the quotes for you.

answered Nov 4, 2013 at 15:45

Comments

1

You need to use quotes when printing into the variable declaration in your JS code:

var url = "<?php echo $url; ?>";

But don't use this code! It is vulnerable to cross-site scripting attacks. To escape the URL in the javascript context, use json_encode:

var url = <?php echo json_encode($url); ?>; /* this one is safe */
answered Nov 4, 2013 at 15:45

Comments

1

As a first step you should add quotes to your js var

var url = '<?php echo "$url"; ?>';
answered Nov 4, 2013 at 15:46

Comments

1

Change this:

var url = <?php echo "$url"; ?>

to this:

var url = '<?php echo "$url"; ?>';
answered Nov 4, 2013 at 15:47

Comments

-2

Try adding a semicolon to the end of this line and also wrap the PHP code in quotes:

var url = "<?php echo "$url"; ?>";
answered Nov 4, 2013 at 15:44

Comments

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.