aspose file tools*
The moose likes Struts and the fly likes Hidden text field values appear in the url/address bar Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Hidden text field values appear in the url/address bar" Watch "Hidden text field values appear in the url/address bar" New topic
Author

Hidden text field values appear in the url/address bar

Ian Schofield
Greenhorn

Joined: Dec 09, 2009
Posts: 3
Greetings,

I have a few hidden input fields that, upon sending to the server, automagically appear in the address bar of the browser. Thus when sending the below form to my action:


It always copies my hidden input fields to my url:


Obviously seeing my hidden variables in the address bar makes my eyes bleed but I also want to avoid unnecessary redirects (I think that's what is happening?) and broadcasting this information via GET.

I've tried the following thus far, to no avail:


I have inherited the Stuts 1.3 application, and have tried using form beans as well, without success.

Could some kind soul put me out of my misery by either indicating where in the configuration I can change this functionality or just shoot me?

Thanks!
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

No redirects that I know of--make the form a POST form if you don't want GET parameters in the URL. Not really Struts related, since you're not using the Struts form tags.
Ian Schofield
Greenhorn

Joined: Dec 09, 2009
Posts: 3

Wow, if it's that simple I'm embarrassed. Thanks, will try that at work tomorrow
Ian Schofield
Greenhorn

Joined: Dec 09, 2009
Posts: 3
Confirmed. I'm an idiot. Thank you again David.
Tudor Raneti
Ranch Hand

Joined: Nov 29, 2009
Posts: 145
Don't be bothered about params showing in your URL. They are at worst a hint for a site attacker (which can be extracted most of the time anyway).
First of all GET URLs can be bookmarked so the client jumps in back w/o completing the form again.
Also GET method is less processing power hungry than the POST method, although you have a limitation imposed by the browser on how long the URL must be.
Finally you can do URL Rewrite to hide the params from showing in the address bar and stop bleeding about it :P
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Tudor Andrei Raneti wrote:Also GET method is less processing power hungry than the POST method

Not in any meaningful way, though--I wouldn't bother listing that in my pros and cons when I was deciding which. Personally I tend to follow REST as much as possible (and convenient) when deciding between POST and GET. And in general, you don't really want to have destructive operations bookmarkable--too much chance for problems.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Hidden text field values appear in the url/address bar