Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Hidden text field values appear in the url/address bar

 
Ian Schofield
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Greetings,

I have a few hidden input fields that, upon sending to the server, automagically appear in the address bar of the browser. Thus when sending the below form to my action:


It always copies my hidden input fields to my url:


Obviously seeing my hidden variables in the address bar makes my eyes bleed but I also want to avoid unnecessary redirects (I think that's what is happening?) and broadcasting this information via GET.

I've tried the following thus far, to no avail:


I have inherited the Stuts 1.3 application, and have tried using form beans as well, without success.

Could some kind soul put me out of my misery by either indicating where in the configuration I can change this functionality or just shoot me?

Thanks!
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No redirects that I know of--make the form a POST form if you don't want GET parameters in the URL. Not really Struts related, since you're not using the Struts form tags.
 
Ian Schofield
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Wow, if it's that simple I'm embarrassed. Thanks, will try that at work tomorrow
 
Ian Schofield
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Confirmed. I'm an idiot. Thank you again David.
 
Tudor Raneti
Ranch Hand
Posts: 145
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Don't be bothered about params showing in your URL. They are at worst a hint for a site attacker (which can be extracted most of the time anyway).
First of all GET URLs can be bookmarked so the client jumps in back w/o completing the form again.
Also GET method is less processing power hungry than the POST method, although you have a limitation imposed by the browser on how long the URL must be.
Finally you can do URL Rewrite to hide the params from showing in the address bar and stop bleeding about it :P
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tudor Andrei Raneti wrote:Also GET method is less processing power hungry than the POST method

Not in any meaningful way, though--I wouldn't bother listing that in my pros and cons when I was deciding which. Personally I tend to follow REST as much as possible (and convenient) when deciding between POST and GET. And in general, you don't really want to have destructive operations bookmarkable--too much chance for problems.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic