[Javascript] Prepacking the HTTP_POST array from JavaScript

Chris Tifer christ at saeweb.com
Tue Aug 26 11:20:00 CDT 2003 

One thing might be to change the .action property of the form, but:

> Also, I don't want the user on the client machine to be able to
> query those variables, as some of them may give them an edge in
penetrating
> aspects of the code I'd just as soon keep secure.

Client-side and secure do not mix. I don't know what "security-related
thingies"
can possibly be done client-side that an advanced user can't figure out.

Chris Tifer
http://emailajoke.com


----- Original Message ----- 
From: "David Lovering" <dlovering at gazos.com>
To: "[JavaScript List]" <javascript at LaTech.edu>
Sent: Tuesday, August 26, 2003 12:11 PM
Subject: [Javascript] Prepacking the HTTP_POST array from JavaScript


> Anybody have any insanely cute ways of pre-packing some additional
variables
> onto a HTTP_POST session (in addition to the form fields) prior to
invoking
> the appropriate htmlForm.submit() call?  I'd like to be able to augment
the
> formlist fields with some computed fields (mostly involving
security-related
> thingies), and I sure don't want to stick in any more hidden fields if I
can
> help it.  Also, I don't want the user on the client machine to be able to
> query those variables, as some of them may give them an edge in
penetrating
> aspects of the code I'd just as soon keep secure.
>
> For example, if I have a form
>
> <form name='myForm' id='myForm' enctype='multipart/form-data'
method='post'
> onsubmit='myCode.js' action='dosomething.php'>
>   <table cellspacing=0 cellpadding=3 align='center' valign='top' border=0>
>     <tr>
>       <td align='right' valign='middle'>my input</td>
>       <td align='left' valign='middle'><input type='text' size=30
> name='my_input' value=''></td>
>     </tr>
>     <tr>
>       <td></td>
>       <td align='left' valign='middle'><input type='submit'
> value='submit'></td>
>     </tr>
>   </table>
> </form>
>
> what must I insert in the code routine 'myCode.js' to add another field,
say
> 'authcode=F7A623' to the HTTP_POST_VARS array which is seen by
> dosomething.php?
>
> With HTTP_GET variables it is simply a matter of packing the URL with the
> variable-names, their values, and the appropriate separators.  Obviously,
> with a POST this method doesn't strictly apply.
>
> [Don't get hung up on the PHP code issue -- the forms handler could be
> almost anything].
>
> -- Dave Lovering
>
>
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript
>

More information about the Javascript mailing list