Hello,
I'm developing a web application that contains a list with multiple elements. My idea is that after clicking on one of the elements, it opens a new page with the details of the element clicked. For this, at the moment, I have to put something that identifies the element for me: <div class="elem" data-id="2">.
At this point, the lines in my list are being placed as follows (I'm using .NET MVC):
@foreach (KnowAcquisitionParticipant participant in Model.Participants)
{
    <div class="famo-row famo-body-row" data-is-new-participant="no" data-id="@participant.Employee.ID">
        <div class="famo-cell famo-col-1">
            <select class="famo-input famo-text-10" name="participantID">
                <option value=""></option>
                @foreach (Employee employee in Model.Employees)
                {
                    <option value="@employee.ID" @(employee.ID == participant.Employee.ID ? "selected" : string.Empty)>@employee.Name</option>
                }
            </select>
        </div>
        <div class="famo-cell famo-col-2">
            <input type="text" class="famo-input famo-text-10" name="totalHours" value="@(participant.TotalHours.HasValue ? participant.TotalHours.Value.ToString() : string.Empty)" />
        </div>
        <div class="famo-cell famo-col-3">
            <input type="text" class="famo-input famo-text-10" name="activeHours" value="@(participant.ActiveHours.HasValue ? participant.ActiveHours.Value.ToString() : string.Empty)" />
        </div>
        <div class="famo-cell famo-col-4 text-center">
            <button type="button" class="famo-button famo-cancel-button button-delete-participant">
                <span class="fa fa-trash"></span>
            </button>
        </div>
    </div>
}
However, I think someone can easily change the value of data-id and cause it to enter a page other than the one it is supposed to (I have a process that validates on the server whether the user has access or not).
I've been looking at other sites like Gmail or Outlook.com, and they do not seem to have any identifiers for the emails, and even when they seem to have one, I change it but it always opens the correct email.
How is it possible?
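
The server-side access check mentioned in the question, sketched as an added example that is not part of the original post: the handler treats the submitted data-id as untrusted input and decides per request whether the current user may see that record. ParticipantStore, DetailsHandler, Outcome, the user names and the sample rows are all hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Constructed sample data: participant ID -> name and the users allowed to view it.
static class ParticipantStore
{
    private static readonly Dictionary<int, (string Name, HashSet<string> Viewers)> Rows = new()
    {
        [1] = ("Ana", new HashSet<string> { "alice" }),
        [2] = ("Rui", new HashSet<string> { "alice", "bob" }),
    };

    public static bool TryGet(int id, out (string Name, HashSet<string> Viewers) row) =>
        Rows.TryGetValue(id, out row);
}

enum Outcome { Ok, BadRequest, NotFound }

static class DetailsHandler
{
    // rawId is whatever the browser sent: the data-id value, possibly edited by the user.
    public static Outcome Details(string currentUser, string rawId, out string name)
    {
        name = string.Empty;

        // Reject anything that is not a positive integer before touching the store.
        if (!int.TryParse(rawId, out int id) || id <= 0) return Outcome.BadRequest;

        // Missing and forbidden both map to NotFound, so the response
        // does not reveal which IDs exist for other users.
        if (!ParticipantStore.TryGet(id, out var row) || !row.Viewers.Contains(currentUser))
            return Outcome.NotFound;

        name = row.Name;
        return Outcome.Ok;
    }
}

class Program
{
    static void Main()
    {
        // bob edits data-id from 2 to 1 in the browser; the server still decides.
        foreach (var (user, id) in new[] { ("bob", "2"), ("bob", "1"), ("bob", "abc"), ("alice", "1") })
            Console.WriteLine($"{user} requests data-id={id}: {DetailsHandler.Details(user, id, out _)}");
    }
}
```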