[Javascript] Prepacking the HTTP_POST array from JavaScript

David Lovering dlovering at gazos.com
Tue Aug 26 11:41:03 CDT 2003 

After the appropriate loin-girding exercise, I tried appending the .action
declaration with some additional fields, etc.
As one might logically expect, there was no recognition of them by the forms
handler.  Does one have to sacrifice a goat or something to make this work?
Are there odd and recondite strings required to "join" the artificial
variables onto the HTTP_POST array?  Inquiring minds want to know...

-- Dave Lovering

----- Original Message ----- 
From: "Chris Tifer" <christ at saeweb.com>
To: "[JavaScript List]" <javascript at LaTech.edu>
Sent: Tuesday, August 26, 2003 9:20 AM
Subject: Re: [Javascript] Prepacking the HTTP_POST array from JavaScript


> One thing might be to change the .action property of the form, but:
>
> > Also, I don't want the user on the client machine to be able to
> > query those variables, as some of them may give them an edge in
> penetrating
> > aspects of the code I'd just as soon keep secure.
>
> Client-side and secure do not mix. I don't know what "security-related
> thingies"
> can possibly be done client-side that an advanced user can't figure out.
>
> Chris Tifer
> http://emailajoke.com
>
>
> ----- Original Message ----- 
> From: "David Lovering" <dlovering at gazos.com>
> To: "[JavaScript List]" <javascript at LaTech.edu>
> Sent: Tuesday, August 26, 2003 12:11 PM
> Subject: [Javascript] Prepacking the HTTP_POST array from JavaScript
>
>
> > Anybody have any insanely cute ways of pre-packing some additional
> variables
> > onto a HTTP_POST session (in addition to the form fields) prior to
> invoking
> > the appropriate htmlForm.submit() call?  I'd like to be able to augment
> the
> > formlist fields with some computed fields (mostly involving
> security-related
> > thingies), and I sure don't want to stick in any more hidden fields if I
> can
> > help it.  Also, I don't want the user on the client machine to be able
to
> > query those variables, as some of them may give them an edge in
> penetrating
> > aspects of the code I'd just as soon keep secure.
> >
> > For example, if I have a form
> >
> > <form name='myForm' id='myForm' enctype='multipart/form-data'
> method='post'
> > onsubmit='myCode.js' action='dosomething.php'>
> >   <table cellspacing=0 cellpadding=3 align='center' valign='top'
border=0>
> >     <tr>
> >       <td align='right' valign='middle'>my input</td>
> >       <td align='left' valign='middle'><input type='text' size=30
> > name='my_input' value=''></td>
> >     </tr>
> >     <tr>
> >       <td></td>
> >       <td align='left' valign='middle'><input type='submit'
> > value='submit'></td>
> >     </tr>
> >   </table>
> > </form>
> >
> > what must I insert in the code routine 'myCode.js' to add another field,
> say
> > 'authcode=F7A623' to the HTTP_POST_VARS array which is seen by
> > dosomething.php?
> >
> > With HTTP_GET variables it is simply a matter of packing the URL with
the
> > variable-names, their values, and the appropriate separators.
Obviously,
> > with a POST this method doesn't strictly apply.
> >
> > [Don't get hung up on the PHP code issue -- the forms handler could be
> > almost anything].
> >
> > -- Dave Lovering
> >
> >
> > _______________________________________________
> > Javascript mailing list
> > Javascript at LaTech.edu
> > https://lists.LaTech.edu/mailman/listinfo/javascript
> >
>
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript
>
>

More information about the Javascript mailing list