[Javascript] Prepacking the HTTP_POST array from JavaScript
David Lovering
dlovering at gazos.com
Tue Aug 26 12:09:40 CDT 2003
Rather than indulge in any prolonged sessions of navel-diving, I decided to
buckle under to public sentiment and adopt the hidden field approach. I
packed the hidden field with an encrypted array containing the "secret
sauce" parameters only after the onsubmit event is triggered, and clear the
field immediately after the "submit" returns. Seems to work OK, but the
lack of elegance is .... well.... (shudder!) ... inelegant.
-- Dave Lovering
> ----- Original Message -----
> From: "Chris Tifer" <christ at saeweb.com>
> To: "[JavaScript List]" <javascript at LaTech.edu>
> Sent: Tuesday, August 26, 2003 9:20 AM
> Subject: Re: [Javascript] Prepacking the HTTP_POST array from JavaScript
>
>
> > One thing might be to change the .action property of the form, but:
> >
> > > Also, I don't want the user on the client machine to be able to
> > > query those variables, as some of them may give them an edge in
> > penetrating
> > > aspects of the code I'd just as soon keep secure.
> >
> > Client-side and secure do not mix. I don't know what "security-related
> > thingies"
> > can possibly be done client-side that an advanced user can't figure out.
> >
> > Chris Tifer
> > http://emailajoke.com
> >
> >
> > ----- Original Message -----
> > From: "David Lovering" <dlovering at gazos.com>
> > To: "[JavaScript List]" <javascript at LaTech.edu>
> > Sent: Tuesday, August 26, 2003 12:11 PM
> > Subject: [Javascript] Prepacking the HTTP_POST array from JavaScript
> >
> >
> > > Anybody have any insanely cute ways of pre-packing some additional
> > variables
> > > onto a HTTP_POST session (in addition to the form fields) prior to
> > invoking
> > > the appropriate htmlForm.submit() call? I'd like to be able to
augment
> > the
> > > formlist fields with some computed fields (mostly involving
> > security-related
> > > thingies), and I sure don't want to stick in any more hidden fields if
I
> > can
> > > help it. Also, I don't want the user on the client machine to be able
> to
> > > query those variables, as some of them may give them an edge in
> > penetrating
> > > aspects of the code I'd just as soon keep secure.
> > >
> > > For example, if I have a form
> > >
> > > <form name='myForm' id='myForm' enctype='multipart/form-data'
> > method='post'
> > > onsubmit='myCode.js' action='dosomething.php'>
> > > <table cellspacing=0 cellpadding=3 align='center' valign='top'
> border=0>
> > > <tr>
> > > <td align='right' valign='middle'>my input</td>
> > > <td align='left' valign='middle'><input type='text' size=30
> > > name='my_input' value=''></td>
> > > </tr>
> > > <tr>
> > > <td></td>
> > > <td align='left' valign='middle'><input type='submit'
> > > value='submit'></td>
> > > </tr>
> > > </table>
> > > </form>
> > >
> > > what must I insert in the code routine 'myCode.js' to add another
field,
> > say
> > > 'authcode=F7A623' to the HTTP_POST_VARS array which is seen by
> > > dosomething.php?
> > >
> > > With HTTP_GET variables it is simply a matter of packing the URL with
> the
> > > variable-names, their values, and the appropriate separators.
> Obviously,
> > > with a POST this method doesn't strictly apply.
> > >
> > > [Don't get hung up on the PHP code issue -- the forms handler could be
> > > almost anything].
> > >
> > > -- Dave Lovering
> > >
> > >
> > > _______________________________________________
> > > Javascript mailing list
> > > Javascript at LaTech.edu
> > > https://lists.LaTech.edu/mailman/listinfo/javascript
> > >
> >
> > _______________________________________________
> > Javascript mailing list
> > Javascript at LaTech.edu
> > https://lists.LaTech.edu/mailman/listinfo/javascript
> >
> >
>
>
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript
>
>
More information about the Javascript
mailing list