Passing parameter through URL

1

How do you pass a parameter to another view screen without the user seeing it in the URL?

For example: I have a query screen that the user clicks on the table and is redirected to another screen, which is the screen that opens the information of the field that was clicked, in case it can be a code.

the url would look like this:

link

Step it by JS, like this:

window.location = "Index?pId=" + $($(this).find('td').get(0)).text();

My problem is that I will need to pass a parameter, to indicate whether the fields on the screen may or may not be enabled.

Passing it through the URL would leave application vulnerable to changes, how can I proceed?

    
asked by anonymous 28.07.2017 / 20:27

2 answers

1

From what I understand from your description, it looks like the window object can do this for you:

var link = "" // Seu link aqui.
var newWindow = window.open(link, "_blank");

newWindow.paramTeste = "Este parâmetro foi transferido de uma pagina a outra.";

Test case: link

When you click the Redirect button, a new blank tab (or window) will be opened (this could be any other link to where you want to be redirected). Within the console (in F12 ), if you type window.paramTeste , you will see that the variable is defined. You can transfer any object from one window / tab to another in this way, without the need for other more complex methods.

Remember that this method still leaves you vulnerable to changes made by the user. It's just less obvious, but still easy to manipulate.

    
28.07.2017 / 22:30
1

There is no way to pass information from a client machine to a server machine that is proof of past information changes. Deal with it.

If you want to make a hacker's life much harder, you can make your users be forced to use an application instead of a page.

Otherwise ... If you just want to prevent laypersons from seeing the parameter values in the URL, you have a few options:

  • Make an SPA ;
  • Use POST instead of GET;
  • Make an AJAX request to the server, get the results, and then mount them on the screen. It has to do with the first alternative tangentially, but it does not necessarily require effort to rethink your system at that time. Here is an example pseudo-code:
$.ajax({
    dataType: "json",
    type: "get",
    url: "Index?pId=" + $($(this).find('td').get(0)).text(),
    success: function (resultado) {
        // obtenha o resultado aqui e coloque em algum componente da página
    }
})
    
28.07.2017 / 20:55