The Web Design Group

... Making the Web accessible to all.

Welcome Guest ( Log In | Register )

2 Pages V  1 2 >  
Reply to this topicStart new topic
> HTML markup problems., Page will not validate!
CharlesEF
post May 31 2013, 09:52 PM
Post #1


Programming Fanatic
********

Group: Members
Posts: 1,667
Joined: 27-April 13
From: Edinburg, Texas
Member No.: 19,088



Hi All,

I hate to say this but I'm back. I found a free neat contact form for my web site, I changed the HTML to match my web site style. Now I'm trying to validate but I get 13 errors. I have tried for 2 days to figure this out on my own but here I am again.

The web page is: here. I'm trying to figure out why so many DIV's are reported as errors (at this time, anyway).

Any pointers would help me greatly.


Thanks for any help,

Charles
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Darin McGrew
post Jun 1 2013, 02:37 AM
Post #2


WDG Member
********

Group: Root Admin
Posts: 8,314
Joined: 4-August 06
From: Mountain View, CA
Member No.: 3



CODE
Warning: net-enabling start-tag; possibly missing required quotes around an attribute value
You're using XHTML markup in a document that claims to be HTML.

Where HTML uses
<img src=... alt=...>
<br>
<input>

instead, XHTML uses
<img src=... alt=... />
<br />
<input />

So just remove the extra / characters.

And it looks like
Error: element DIV not allowed here
is caused by the same thing as
Error: end tag for LEGEND omitted; possible causes include a missing end tag, improper nesting of elements, or use of an element where it is not allowed
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
CharlesEF
post Jun 1 2013, 11:56 AM
Post #3


Programming Fanatic
********

Group: Members
Posts: 1,667
Joined: 27-April 13
From: Edinburg, Texas
Member No.: 19,088



Hi,

QUOTE(Darin McGrew @ Jun 1 2013, 02:37 AM) *

CODE
Warning: net-enabling start-tag; possibly missing required quotes around an attribute value
You're using XHTML markup in a document that claims to be HTML.

Where HTML uses
<img src=... alt=...>
<br>
<input>

instead, XHTML uses
<img src=... alt=... />
<br />
<input />

So just remove the extra / characters.

And it looks like
Error: element DIV not allowed here
is caused by the same thing as
Error: end tag for LEGEND omitted; possible causes include a missing end tag, improper nesting of elements, or use of an element where it is not allowed


And that's the strange part. The 2 input fields that show a ' />' character are not in the HTML markup. I don't see where they are coming from. Here is a small part of the actual HTML:

<form id="contactus" action="<?php echo $formproc->GetSelfScript();?>" method="post" accept-charset="UTF-8">
<fieldset>
<legend>
<label for="sendto">Contact Type: </label>
<select id="sendto" name="sendto">
<option value="webmaster@cef-inc.com" title="Comment about our web site.">Comment</option>
<option value="cef-inc@cef-inc.com" selected="selected" title="Question about our services.">Question</option>
</select>
<span id="contactus_sendto_errorloc" class="error"></span>
</legend>
<input type="hidden" name="submitted" id="submitted" value="1">
<input type="hidden" name="<?php echo $formproc->GetFormIDInputName();?>" value="<?php echo $formproc->GetFormIDInputValue(); ?>">
<input type="text" class="spmhidip" name="<?php echo $formproc->GetSpamTrapInputName();?>">
<div class="short_explanation">
<em class="req">required fields</em>
</div>

According to 'view source' the first input field is right after <form> and the 2nd input field is right after <fieldset> but they are not in the HTML. I have searched the 4 php support files and I do not see where it is coming from. I don't even see any kind of function call the put the <input> statements there.

This is why I'm lost with this problem. Can anyone else see my mistake?


Thanks for any help,

Charles

User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Jun 1 2013, 12:55 PM
Post #4


.
********

Group: WDG Moderators
Posts: 8,218
Joined: 10-August 06
Member No.: 7



Maybe you've mixed up the contact.php file that you uploaded with another one?

BTW both the inserted fields looks the same and insert what looks like a session ID value, which suggests they are generated by a server-side script:

CODE
<input type="hidden" name="PHPSESSID" value="fc95385b07e1a8eae495e0f855da81da" />


User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
CharlesEF
post Jun 1 2013, 02:31 PM
Post #5


Programming Fanatic
********

Group: Members
Posts: 1,667
Joined: 27-April 13
From: Edinburg, Texas
Member No.: 19,088



QUOTE(Christian J @ Jun 1 2013, 12:55 PM) *

Maybe you've mixed up the contact.php file that you uploaded with another one?

BTW both the inserted fields looks the same and insert what looks like a session ID value, which suggests they are generated by a server-side script:

CODE
<input type="hidden" name="PHPSESSID" value="fc95385b07e1a8eae495e0f855da81da" />


Hi,

I wish it were that simple, but no, I have not mixed up the contact.php files. I have searched all support files for <input> thinking it was a string built and returned by a function. I have searched by the name 'PHPSESSID' but that too is not found anywhere either. I'm really stumped on this one.

I can zip the files together and post them if anyone wants me to.


Thanks for any help,

Charles
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
CharlesEF
post Jun 2 2013, 02:45 PM
Post #6


Programming Fanatic
********

Group: Members
Posts: 1,667
Joined: 27-April 13
From: Edinburg, Texas
Member No.: 19,088



Hi again,

Well, you know the old saying, if you can't beat them - join them. With this in mind I changed the doctype to XHTML. Now I have just 1 error left but there is nothing I can do about it.

The error is: " document type does not allow element "input" here; missing one of "p", "h1", "h2", "h3", "h4", "h5", "h6", "div", "pre", "address", "fieldset", "ins", "del" start-tag"

The input field it points to is the one that is machine inserted right after the <form> and before the <fieldset> tags. Since I still don't know where they are coming from I can't fix it.

I also checked the original code, unchanged by me, and it too has the same 1 error. Guess I have to keep looking.


Thanks for any help,

Charles
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Jun 2 2013, 03:30 PM
Post #7


.
********

Group: WDG Moderators
Posts: 8,218
Joined: 10-August 06
Member No.: 7



If you changed Doctype because of the INPUT ending slashes you might try the HTML5 Doctype instead, since it allows mixing HTML and XHTML syntax in the page. (X)HTML/strict requires a container element between the FORM and INPUT. You might also try (X)HTML/Transitional, which at least with HTML4 doesn't require the intermediate containers.

Personally I'd rather try to find the source of those two identical INPUT elements --maybe they'll even break the functionality of the form unless you remove them.

QUOTE
I can zip the files together and post them if anyone wants me to.

Please do...

User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
CharlesEF
post Jun 2 2013, 06:22 PM
Post #8


Programming Fanatic
********

Group: Members
Posts: 1,667
Joined: 27-April 13
From: Edinburg, Texas
Member No.: 19,088



QUOTE(Christian J @ Jun 2 2013, 03:30 PM) *

QUOTE
I can zip the files together and post them if anyone wants me to.

Please do...

Hi,

The zip file can be downloaded here. The directory contains the original files ready to run from that directory. I also put it up on my website here. Let me know if you need any other information.


Thanks for looking,

Charles
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Jun 3 2013, 05:16 AM
Post #9


.
********

Group: WDG Moderators
Posts: 8,218
Joined: 10-August 06
Member No.: 7



QUOTE(CharlesEF @ Jun 3 2013, 01:22 AM) *

The zip file can be downloaded here.

I ran it on my test server and did not get the extra INPUT fields. Try making a fresh install, maybe you've added something by mistake.

BTW that contact form script was huge. blink.gif
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
CharlesEF
post Jun 3 2013, 12:09 PM
Post #10


Programming Fanatic
********

Group: Members
Posts: 1,667
Joined: 27-April 13
From: Edinburg, Texas
Member No.: 19,088



Hi,
QUOTE(Christian J @ Jun 3 2013, 05:16 AM) *

QUOTE(CharlesEF @ Jun 3 2013, 01:22 AM) *

The zip file can be downloaded here.

I ran it on my test server and did not get the extra INPUT fields. Try making a fresh install, maybe you've added something by mistake.

BTW that contact form script was huge. blink.gif

The file you downloaded was the original file downloaded by me, not 1 line of code changed by me. I have noticed a couple of things about the hidden <input> fields.
1. The name=value is placed in other places in my web page, notice the menu links - ?PHPSESSID=5cc411ed17fb95f9524cbe399fe0ccfb is placed after every menu item. The form claims to use anit-spam/bot protection, maybe this has something to do with that?
2. Using Firefox sometimes the hidden <input> fields can't be seen when using 'view page source'. I have to use IE or run the page thru the W3 validator, showing the source, to see the hidden fields. Even when Firefox can't see them they are still there, just have to use another browser.


Thanks for the help,

Charles
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
CharlesEF
post Jun 3 2013, 12:19 PM
Post #11


Programming Fanatic
********

Group: Members
Posts: 1,667
Joined: 27-April 13
From: Edinburg, Texas
Member No.: 19,088



Me again,

I just tested the 'view source' on the original contactform.php located here. IE did not show the hidden fields but when you run the code (page link) thru the W3 validator, showing source, you will see the 2 hidden <input> fields.

I'm not sure why I can see them sometimes and sometimes not.

I even moved the <legend> tag right next to the <form> tag, no space between, and the hidden fields were still inserted in the same exact spot.


Thanks for looking,

Charles

This post has been edited by CharlesEF: Jun 3 2013, 12:23 PM
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Jun 3 2013, 01:53 PM
Post #12


.
********

Group: WDG Moderators
Posts: 8,218
Joined: 10-August 06
Member No.: 7



QUOTE(CharlesEF @ Jun 3 2013, 07:09 PM) *

1. The name=value is placed in other places in my web page, notice the menu links - ?PHPSESSID=5cc411ed17fb95f9524cbe399fe0ccfb is placed after every menu item.

True, I can see that on http://www.cef-inc.com/test/cef-inc/contact.php

Are the link URLs on that page generated by PHP? Could you post the part of the PHP file with the link code?

QUOTE
The form claims to use anit-spam/bot protection, maybe this has something to do with that?

Usually such things rely on javascript, which isn't able to rewrite HTML source.

QUOTE
The form claims to use anit-spam/bot protection, maybe this has something to do with that?

No idea, but normally PHP scripts don't change static content in a file: either the content is created by PHP or it's left alone.

A malware-infected server may insert content (either randomly or according to some kind of pattern, sometimes depending on cookies set). But I don't see why it would add session ID querystrings in links.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
CharlesEF
post Jun 3 2013, 02:08 PM
Post #13


Programming Fanatic
********

Group: Members
Posts: 1,667
Joined: 27-April 13
From: Edinburg, Texas
Member No.: 19,088



Hi,
QUOTE(Christian J @ Jun 3 2013, 01:53 PM) *

QUOTE(CharlesEF @ Jun 3 2013, 07:09 PM) *

1. The name=value is placed in other places in my web page, notice the menu links - ?PHPSESSID=5cc411ed17fb95f9524cbe399fe0ccfb is placed after every menu item.

True, I can see that on http://www.cef-inc.com/test/cef-inc/contact.php

Are the link URLs on that page generated by PHP? Could you post the part of the PHP file with the link code?

QUOTE
The form claims to use anit-spam/bot protection, maybe this has something to do with that?

Usually such things rely on javascript, which isn't able to rewrite HTML source.

QUOTE
The form claims to use anit-spam/bot protection, maybe this has something to do with that?

No idea, but normally PHP scripts don't change static content in a file: either the content is created by PHP or it's left alone.

A malware-infected server may insert content (either randomly or according to some kind of pattern, sometimes depending on cookies set). But I don't see why it would add session ID querystrings in links.

Here is the menu.php file which gets included in every web page.

<div class="shadowblockmenu">
<ul>
<li><a href="/test/index.php"<?php echo ($page == 'home') ? $cssclass : "" ?>>Home</a></li>
<li><a href="/test/cef-inc/sony.php"<?php echo ($page == 'sony') ? $cssclass : "" ?>>Sony® PCG-K3x & Windows® 7</a>
<ul id="sony" class="hide">
<li><a href="/test/cef-inc/sony/win7/win7_install.php"<?php echo ($page == 'sonywin7') ? $cssclass : "" ?>> Windows® 7 install</a></li>
<li><a href="/test/cef-inc/sony/win7/nti7_install.php"<?php echo ($page == 'sonynti7') ? $cssclass : "" ?>> NTI® DVD-Maker 7 install</a></li>
<li><a href="/test/cef-inc/sony/win7/win7_obser.php"<?php echo ($page == 'sonyobser') ? $cssclass : "" ?>> Observations</a></li>
</ul>
</li>
<li><a href="/test/cef-inc/contact.php"<?php echo ($page == 'contact') ? $cssclass : "" ?>>Contact Us</a></li>
<li><a href="/test/cef-inc/about.php"<?php echo ($page == 'about') ? $cssclass : "" ?>>About Us</a>
<ul id="about" class="hide">
<li><a href="/test/cef-inc/about_find.php"<?php echo ($page == 'aboutfind') ? $cssclass : "" ?>> How to find us</a></li>
<li><a href="/test/cef-inc/about_us.php"<?php echo ($page == 'aboutus') ? $cssclass : "" ?>> Our team</a></li>
</ul>
</li>
</ul>
</div>

If you need anything else, just let me know. Also, I run anti-malware scans every week and a complete scan every month so I know I'm clean.


Thanks for your help,

Charles

This post has been edited by CharlesEF: Jun 3 2013, 02:10 PM
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Jun 3 2013, 07:49 PM
Post #14


.
********

Group: WDG Moderators
Posts: 8,218
Joined: 10-August 06
Member No.: 7



QUOTE(CharlesEF @ Jun 3 2013, 09:08 PM) *

Here is the menu.php file which gets included in every web page.

The PHP in the links looks normal, it just appears to add a CLASS attribute if the link points to the current page. This is also used on the other pages, e.g. sony.php (look in the HTML for the Sony link on that page and you'll see class="selected").

The ?PHPSESSID part on the contact.php page seems to be something different. It appears to be inserted just before the double quote that comes before the PHP code:

CODE
<a href="/test/cef-inc/contact.php"<?php

<a href="/test/cef-inc/contact.php?PHPSESSID...

You might try removing parts of the contact page (especially the external PHP files) and see if/when it makes a difference.

QUOTE
I run anti-malware scans every week and a complete scan every month so I know I'm clean.

Do you run your own web server?

User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
CharlesEF
post Jun 4 2013, 01:25 AM
Post #15


Programming Fanatic
********

Group: Members
Posts: 1,667
Joined: 27-April 13
From: Edinburg, Texas
Member No.: 19,088



Hi,
QUOTE(Christian J @ Jun 3 2013, 07:49 PM) *

QUOTE(CharlesEF @ Jun 3 2013, 09:08 PM) *

Here is the menu.php file which gets included in every web page.

The PHP in the links looks normal, it just appears to add a CLASS attribute if the link points to the current page. This is also used on the other pages, e.g. sony.php (look in the HTML for the Sony link on that page and you'll see class="selected").

Yes, that is all it does, sets current page displayed.
QUOTE
The ?PHPSESSID part on the contact.php page seems to be something different. It appears to be inserted just before the double quote that comes before the PHP code:

CODE
<a href="/test/cef-inc/contact.php"<?php

<a href="/test/cef-inc/contact.php?PHPSESSID...

You might try removing parts of the contact page (especially the external PHP files) and see if/when it makes a difference.

I think I figured this out. PHPSESSID is a php session id variable. It seems to be started with the session_start() command. Line 61 of the php file called 'fgcontactform.php' contains this command. If I comment it out then the machine inserted <input> fields stop being inserted and the page will pass XHTML 1.0 strict validation. However, the captcha image does not match the entry value anymore. In other words, the capatcha image fails validation, so the message is never sent. Now, if I can figure out exactly what and how session_start() does I will be making progress.
QUOTE
I run anti-malware scans every week and a complete scan every month so I know I'm clean.

QUOTE
Do you run your own web server?

No, I'm on a hosting site.


Thanks for your help,

Charles
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Frederiek
post Jun 4 2013, 01:55 AM
Post #16


Programming Fanatic
********

Group: Members
Posts: 5,146
Joined: 23-August 06
From: Europe
Member No.: 9



You might want to look into http://green-beast.com/gbcf-v3/ for a "Secure and Accessible PHP Contact Form".
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Jun 4 2013, 06:11 AM
Post #17


.
********

Group: WDG Moderators
Posts: 8,218
Joined: 10-August 06
Member No.: 7



QUOTE(CharlesEF @ Jun 4 2013, 08:25 AM) *

Hi,
QUOTE(Christian J @ Jun 3 2013, 07:49 PM) *

The PHP in the links looks normal, it just appears to add a CLASS attribute if the link points to the current page. This is also used on the other pages, e.g. sony.php (look in the HTML for the Sony link on that page and you'll see class="selected").

Yes, that is all it does, sets current page displayed.

Could you post the part where $page is defined, and also how contact.php sees that variable (e.g. through an included script)?

QUOTE
I think I figured this out. PHPSESSID is a php session id variable. It seems to be started with the session_start() command. Line 61 of the php file called 'fgcontactform.php' contains this command. If I comment it out then the machine inserted <input> fields stop being inserted

True, session_start() is a predefined PHP function, but it shouldn't add new INPUT elements by itself.

Regarding the session IDs, it appears "PHP is capable of transforming links transparently" (compare http://php.net/manual/en/session.idpassing.php and http://php.net/manual/en/session.configura...n.use-trans-sid ), which might explain why the nav menu links get them --to confirm this you might try creating a phpinfo() page and check if session.use_trans_sid is enabled. The reason you don't always see them might have someting to do with how cookies are being set.

User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
CharlesEF
post Jun 4 2013, 12:19 PM
Post #18


Programming Fanatic
********

Group: Members
Posts: 1,667
Joined: 27-April 13
From: Edinburg, Texas
Member No.: 19,088



QUOTE(Christian J @ Jun 4 2013, 06:11 AM) *

QUOTE(CharlesEF @ Jun 4 2013, 08:25 AM) *

Hi,
QUOTE(Christian J @ Jun 3 2013, 07:49 PM) *

The PHP in the links looks normal, it just appears to add a CLASS attribute if the link points to the current page. This is also used on the other pages, e.g. sony.php (look in the HTML for the Sony link on that page and you'll see class="selected").

Yes, that is all it does, sets current page displayed.

Could you post the part where $page is defined, and also how contact.php sees that variable (e.g. through an included script)?

Sure, it is only a couple of lines of code to set a couple of variables. The only page that uses these variables is menu.php, which I already posted.
<?php
$page = 'contact';
$cssclass = ' class="selected"';
?>
QUOTE
I think I figured this out. PHPSESSID is a php session id variable. It seems to be started with the session_start() command. Line 61 of the php file called 'fgcontactform.php' contains this command. If I comment it out then the machine inserted <input> fields stop being inserted

QUOTE
True, session_start() is a predefined PHP function, but it shouldn't add new INPUT elements by itself.

Regarding the session IDs, it appears "PHP is capable of transforming links transparently" (compare http://php.net/manual/en/session.idpassing.php and http://php.net/manual/en/session.configura...n.use-trans-sid ), which might explain why the nav menu links get them --to confirm this you might try creating a phpinfo() page and check if session.use_trans_sid is enabled. The reason you don't always see them might have someting to do with how cookies are being set.

Yes, I had seen some articles about php transforming links. I also read some that say PHPSESSID is also a possible security risk. It's all greek to me so I just turned off session.use_trans_sid on my website server (by editing php.ini).

I now have a form that validates 100% and I no longer have the PHPSESSID showing up anywhere. Problem solved, unless you think I made a mistake turning off session.use_trans_sid?


Thanks for the help,

Charles

This post has been edited by CharlesEF: Jun 4 2013, 12:21 PM
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
CharlesEF
post Jun 4 2013, 12:35 PM
Post #19


Programming Fanatic
********

Group: Members
Posts: 1,667
Joined: 27-April 13
From: Edinburg, Texas
Member No.: 19,088



Hi,
QUOTE(Frederiek @ Jun 4 2013, 01:55 AM) *

You might want to look into http://green-beast.com/gbcf-v3/ for a "Secure and Accessible PHP Contact Form".

Thanks for the link, I will check it out later, as I have now solved my problem with my current contact form.


Thanks for your input,

Charles
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Jun 4 2013, 01:26 PM
Post #20


.
********

Group: WDG Moderators
Posts: 8,218
Joined: 10-August 06
Member No.: 7



QUOTE(CharlesEF @ Jun 4 2013, 07:19 PM) *

unless you think I made a mistake turning off session.use_trans_sid?

Not at all. Seems it's disabled by default, so any script requiring it should say so.

I also found this page on the subject:

"If you have forms and have left the default settings for the rewritable tags PHP will also add a hidden input to forms on your site but does that in such a way that your code cannot validate as XHTML 1.0 Strict or XHTML 1.1."

...so that explains the mysterious INPUT elements too. But I wonder why the PHP manual doesn't mention it (AFAIK).

QUOTE
Thanks for the help

You're welcome! This was interesting to investigate.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post

2 Pages V  1 2 >
Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



- Lo-Fi Version Time is now: 21st September 2019 - 04:08 AM