How to avoid request parameters
First declare the property that you need to send in as a request parameter in html:hidden
<html:hidden name="RequestForm" property="requestDetailsKey"/>
Or in html:text
<div style="display:none">
<html:text name="PricingForm" property="searchType"/>
<html:text name="PricingForm" property="pricingTemplateKey"/>
</div>
Calling the JS code
<logic:present name="RequestForm" property="objSearchResultsList">
<logic:iterate id="row" name="RequestForm" property="objSearchResultsList">
<td nowrap class="rmt-tableCellTxt">
<a href="javascript:viewRequest(<bean:write name="row" property='requestDetailsKey'/>);">
<logic:notEmpty name="row" property='countryName'>
<bean:write name="row" property='countryName' />
</logic:notEmpty>
<logic:empty name="row" property='countryName'>
----
</logic:empty>
</a>
</td>
JS Code:
function viewRequest(ptkey) {
var requestDetailsKey = document.forms[0].requestDetailsKey;
requestDetailsKey.value=ptkey;
document.forms[0].action='viewRequest.do';
document.forms[0].submit();
}
What are we doing here?
We are sending the requestdetailskey as input to the JS script. With this approach we are NOT appending the requestdetailskey to the URL which is an obvious security threat and NOT a professional approach.
Here we are also checking for conditions like whether countryName is null or not. If it is null then show dashes as link or display the country name as link.
It was handled earlier as request parameters.
<td nowrap class="rmt-tableCellTxt"> <a href="viewRequest.do?requestDetailsKey=<bean:write name="row" property="requestDetailsKey"/>
"><bean:write name="row" property='countryName' />
<html:hidden name="RequestForm" property="requestDetailsKey"/>
Or in html:text
<div style="display:none">
<html:text name="PricingForm" property="searchType"/>
<html:text name="PricingForm" property="pricingTemplateKey"/>
</div>
Calling the JS code
<logic:present name="RequestForm" property="objSearchResultsList">
<logic:iterate id="row" name="RequestForm" property="objSearchResultsList">
<td nowrap class="rmt-tableCellTxt">
<a href="javascript:viewRequest(<bean:write name="row" property='requestDetailsKey'/>);">
<logic:notEmpty name="row" property='countryName'>
<bean:write name="row" property='countryName' />
</logic:notEmpty>
<logic:empty name="row" property='countryName'>
----
</logic:empty>
</a>
</td>
JS Code:
function viewRequest(ptkey) {
var requestDetailsKey = document.forms[0].requestDetailsKey;
requestDetailsKey.value=ptkey;
document.forms[0].action='viewRequest.do';
document.forms[0].submit();
}
What are we doing here?
We are sending the requestdetailskey as input to the JS script. With this approach we are NOT appending the requestdetailskey to the URL which is an obvious security threat and NOT a professional approach.
Here we are also checking for conditions like whether countryName is null or not. If it is null then show dashes as link or display the country name as link.
It was handled earlier as request parameters.
<td nowrap class="rmt-tableCellTxt"> <a href="viewRequest.do?requestDetailsKey=<bean:write name="row" property="requestDetailsKey"/>
"><bean:write name="row" property='countryName' />
posted by Vishnu | 2:23 AM
0 Comments:
Post a Comment
<< Home