Home/ Questions/Q 7522295
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T02:28:56+00:00

I’m using variable passing through a URL (ie .derp.html?name=derp?lname=herp) to a popup (which uses

  • 0

I’m using variable passing through a URL (ie “.derp.html?name=derp?lname=herp”) to a popup (which uses these parameters to prefill information on the page). Although these pages are internal, I want to create more security. I do not want someone to type in their own link and submit a form with fake values.

I was thinking of having a function run once the link is opened instead, which opens the popup, and sends the parameters through variables to the new window, instead of through the URL. However, I would still need to send values to the java script function…

Anything else I can do to be more secure?

EDIT: Let me rephrase then… This is not public, this is internal. I’m not expecting users to try and hack into the system to create fake forms.

I can’t do server-side validation because I’m working with very old methods like tabular data control in IE. There is no real data base to verify anything.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can POST the values, instead of appending them to the URL. This is what HTML forms are for. For example:

    <form action="derp.html" method="POST" target="myNewWindow">
    <input type="hidden" value="derp" name="name"/>
    <input type="hidden" value="derp" name="lname"/>
    <a href="#" onclick="window.open("myNewWindow");this.parentNode.submit()">Click to open in a new window</a>
</form>
    • 0