• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

Hidden text field values appear in the url/address bar

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Greetings,

I have a few hidden input fields that, upon sending to the server, automagically appear in the address bar of the browser. Thus when sending the below form to my action:


It always copies my hidden input fields to my url:


Obviously seeing my hidden variables in the address bar makes my eyes bleed but I also want to avoid unnecessary redirects (I think that's what is happening?) and broadcasting this information via GET.

I've tried the following thus far, to no avail:


I have inherited the Stuts 1.3 application, and have tried using form beans as well, without success.

Could some kind soul put me out of my misery by either indicating where in the configuration I can change this functionality or just shoot me?

Thanks!
 
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No redirects that I know of--make the form a POST form if you don't want GET parameters in the URL. Not really Struts related, since you're not using the Struts form tags.
 
Ian Schofield
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Wow, if it's that simple I'm embarrassed. Thanks, will try that at work tomorrow
 
Ian Schofield
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Confirmed. I'm an idiot. Thank you again David.
 
Ranch Hand
Posts: 145
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Don't be bothered about params showing in your URL. They are at worst a hint for a site attacker (which can be extracted most of the time anyway).
First of all GET URLs can be bookmarked so the client jumps in back w/o completing the form again.
Also GET method is less processing power hungry than the POST method, although you have a limitation imposed by the browser on how long the URL must be.
Finally you can do URL Rewrite to hide the params from showing in the address bar and stop bleeding about it :P
 
David Newton
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tudor Andrei Raneti wrote:Also GET method is less processing power hungry than the POST method


Not in any meaningful way, though--I wouldn't bother listing that in my pros and cons when I was deciding which. Personally I tend to follow REST as much as possible (and convenient) when deciding between POST and GET. And in general, you don't really want to have destructive operations bookmarkable--too much chance for problems.
 
Hey! Wanna see my flashlight? It looks like this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic