Hiding passed parameters

Results 1 to 5 of 5

Thread: Hiding passed parameters

  1. #1
    flin Guest

    Default Hiding passed parameters

    I&#039d like to find a way to hide parameters passed to a ASP script. When I try to pass name=value parameters using &#060;A href="x.php3?a=aaaaaa&b=bbbbbb"&#062;, the entire string inside the quotes appear in IE&#039s caption (but not in NS). The same thing happens when I use window.open("url?a=aaaa&b=bbbb" . . .) without any window accessories (menubar=0, titlebar=0, toolbar=0, etc.).<BR><BR>I know that the POST method doesn&#039t expose passed parameters. But the above situations cannot use POST because no form is involved. Any solutions?<BR>

  2. #2
    peterjl@austec.net.au Guest

    Default RE: Hiding passed parameters

    2 ways:<BR><BR>You could easily convert to a form by putting your variables into hidden form fields in a form with post method and just a submit button as the trigger eg:<BR><BR>&#060;form action="your.asp" method=post&#062;<BR>&#060;input type=hidden name=f1 value="&#060;%=AspVariable%&#062;"&#062;<BR>&#060; input type=submit value="Go"&#062;<BR>&#060;/form&#062;<BR><BR>or <BR><BR>you could use frames, in which case the address bar only displays the url of the top frame.

  3. #3
    Vittal Aithal Guest

    Default RE: Hiding passed parameters

    Of course, AspVariable should be properly HTML escaped so that you&#039re not vulnerable to http://www.cert.org/advisories/CA-2000-02.html<BR><BR>Use Server.HTMLEncode() to do this, or roll your own, ensuring that at the very least &#060;, &#062; and " are all escaped to HTML safe values. I tend to include my own code that also changes win-latin characters into HTML entities.<BR><BR>more info:<BR>http://support.microsoft.com/support/kb/articles/Q252/9/85.ASP<BR>http://msdn.microsoft.com/library/psdk/iisref/vbob9aat.htm<BR>http://search.microsoft.com/us/Default.asp?so=RECCNT&qu=HTMLEncode&boolean=PHRASE &intCat=2&intCat=7&intCat=8&p=1&nq=NEW<BR><BR><BR> hth<BR>vittal<BR>(who is fed up with sorting out other people&#039s code that doesn&#039t do this ;-)

  4. #4
    flin Guest

    Default RE: Hiding passed parameters

    "your.asp" will still appear on the title bar. Maybe there&#039s some property in IE&#039s DOM that will allow programmers to set this value, something like VB&#039s Caption property in--<BR><BR> Form1.Caption = ""

  5. #5
    v0nx Guest

    Default RE: Hiding passed parameters

    Be cunning with frames, you can set up a frameset to hold the page you want to refresh - then the url would never change (of sourse, if you have IIS5.0, you can always server.transfer to the content you need)<BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts