Whether or not you can do this, I would be very, very careful about where you do this. Passing form data on the URL is one of the easier entry points to a cross-site request forgery (CSRF) attack. For something like a search (or any read-only operation) this isn't an issue, but if you are changing state, especially users' state, such as their contact e-mail address or password, this is how request pages get hijacked. Just a point to keep in mind. CSRF isn't impossible with a form post, but it's slightly harder to execute.

Christian.

On Mar 9, 2009, at 8:22 AM,  wrote:


Hi,

I have a page which has a form like this:

<t:form t:id="search">
    <input t:type="select" t:id="category" model="categorySelectModel" t:value="category" />
    <input t:type="textfield" t:id="name" t:value="name" />
    <input t:type="submit" name="Submit" t:id="Submit" />
</t:form>

in the onSuccess event I'm doing:

    @InjectPage
    private ShowResults showResults;

    Object onSuccessFromSearch() {
        showResults.setlst(lst);
        // Return the injected page so Tapestry redirects to it.
        return showResults;
    }

Instead of InjectPage, is there a way to push the form to ShowResults in the
URL, something like what Google is doing:

http://www.google.com/search?hl=en&q=Tapestry&btnG=Google+Search&meta=

Thanks,
--
View this message in context: 
http://www.nabble.com/T5%3A-passing-a-form-in-the-URL--tp22412124p22412124.html
Sent from the Tapestry - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org


Christian Edward Gruber
christianedwardgru...@gmail.com
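
The pattern discussed in this thread, as an added example that is not part of the original messages and is not Tapestry's own code: the search values travel in the URL through the ShowResults page's activation context, and the GET handler only reads. SearchService, setCriteria and the field names are hypothetical; both form fields are assumed to be required, and Tapestry renders the context as path segments (/showresults/books/tapestry) rather than a Google-style query string.

```java
// Added example: Search.java and ShowResults.java shown together for brevity.
import java.util.List;
import org.apache.tapestry5.annotations.InjectPage;
import org.apache.tapestry5.annotations.Property;
import org.apache.tapestry5.ioc.annotations.Inject;

// Hypothetical read-only lookup service (assumption, not from the thread).
interface SearchService {
    List<String> find(String category, String name);
}

class Search {
    @Property private String category;
    @Property private String name;

    @InjectPage private ShowResults showResults;

    // The form itself is still a POST. On success Tapestry sends a redirect
    // to ShowResults and builds the URL from ShowResults.onPassivate().
    Object onSuccessFromSearch() {
        showResults.setCriteria(category, name);
        return showResults;
    }
}

class ShowResults {
    @Inject private SearchService searchService;

    private String category;
    private String name;
    @Property private List<String> results;

    void setCriteria(String category, String name) {
        this.category = category;
        this.name = name;
    }

    // Runs on every GET of the bookmarkable URL. Any site can make a
    // visitor's browser issue this request, so it must not change state:
    // it only reads. Updates to a user's e-mail or password stay in a
    // form POST handler, never in onActivate().
    void onActivate(String category, String name) {
        setCriteria(category, name);
        results = searchService.find(category, name);
    }

    // Values Tapestry encodes into the page URL.
    Object[] onPassivate() {
        return new Object[] { category, name };
    }
}
```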



