I could be wrong, but I dont think there is much you can do about the query
string showing in the browser bar when you use a GET request (as results
from <a href="... ).
Now one thing you could do, but will probably prove impractical is to use a
POST request.
(Im presenting this idea more for your interest than as a practical
suggestion to implement. Its rather troublesome and doesnt get you very much
further in terms of the problem your having, but the info may be useful for
other things you do)
This would require the query parameters in hidden input fields on the form
(or more likely a seperate form on the same jsp or html page). The href for
your <a> now calls a javascript method.
I have a lot of forms with this script:
function submitWithMethod(sMethod)
{
document.XXX.elements['method'].value=sMethod;
document.XXX.submit();
}
where XXX is the name of the form.
The form has a hidden field 'method' (in your case the hidden fields
correspond to your own query parameters.)
My <a> tags look something like:
<a id="cancel" href="javascript:submitWithMethod('cancel');">Cancel</a>
And when submitted the query will be posted to the URL identified in that
forms action attribute.
Of course a user could always write up their own html page that submits to
that url and pass garbage parameters so you have only made it less
convienient to them to do so, and added a lot of work for yourself (I do
this stuff in my forms for other reasons - mostly related to my use of
DispatchActions).
Really any url a user can type in is fair game and your application must be
prepared to handle such input, however, if the user is going to start typing
in garbage urls then you dont have any obligation to provide them nice
handling of such garbage. Feel free to give them big nasty exception
messages as its their fault for trying to hack the system instead of using
the links provided;-)
regards
Andrew
-----Original Message-----
From: rayaku [mailto:[EMAIL PROTECTED]]
Sent: Saturday, May 11, 2002 00:51
To: Struts Users Mailing List; [EMAIL PROTECTED]
Subject: Encrypting/hiding querystring
Hi,
Does struts 1.0.2 support encrypting/hiding the querystring that is with <a
href=""> element.
There are several html:link elements in struts which almost do the same job
of html <a href>,
So is there any way to encrypt querystring information by html:link tags or
any other way to deal this.
I have several <a href=""> elements in jsp page and user can see what is
attached
to request and with this user can make application instable by filling up
some dummy data or deleting the query string, At server side when an Action
class is trying
to read this by using request.getParameter() it will get invalid information
that looks
nasty.
TIA
rayaku
--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
