Is it safe to use window.location to request page GET parameters?

I am doing an expert assessment, and I found that people are using window.location.search to check which parameters were sent to a given (search) page.

Is it safe? I thought that we could print the parameters in the HTML output inside the script block and check the printed variables instead of the window.location request.

+3
4 answers

One comment about this approach. window.location is set statically when the page loads and will not detect changes that the user has made to the address bar after this time. This should not be a problem, but it is important to know.

html :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <title>test</title>
    </head>
    <body>
        <a href="javascript:void(0);" 
                onclick="alert(window.location);">click me</a>
    </body>
</html>

"click me" onclick. , - , , .

, , , - , .

+1

javascript , window.location.search .

, : , , Netscape Navigator 2/MS Internet Explorer 3, , , - ().

+12

, "" " "?

, window.location , - W3C. 2006 : , . , " " , .

+1

?

. - > , , :

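function getParameters() {
    // Map of decoded parameter names to decoded values.
    var parameters= new Object();
    // '\x26' is '&'; substring(1) drops the leading '?'.
    var parts= window.location.search.substring(1).split('\x26');
    for (var parti= parts.length; parti-->0;) {
        var subparts= parts[parti].split(';'); // support semicolon separators as well as ampersand (see HTML 4.01 section B.2.2)
        for (var subparti= subparts.length; subparti-->0;) {
            // Split on the first '=' only; split('=', 2) would drop the rest of a value that itself contains '='.
            var eq= subparts[subparti].indexOf('=');
            // Note: decodeURIComponent throws URIError on a malformed percent-escape.
            if (eq!=-1)
                parameters[decodeURIComponent(subparts[subparti].substring(0, eq))]= decodeURIComponent(subparts[subparti].substring(eq+1));
        }
    }
    return parameters;
}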
0
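
The question's alternative, printing the parameters into a script block in the HTML output, is only safe if the values are escaped for that context. The sketch below is an added example, not code from any of the answers. It parses the query string as untrusted data and serializes it for an inline script block; the names parseQuery, toInlineScriptLiteral, renderPage and pageParams are hypothetical, and the sample input is constructed.

```javascript
// Added example; parseQuery, toInlineScriptLiteral and renderPage are hypothetical names.

// Parse a raw query string (the value of window.location.search, or the
// query part of the request URL on the server) into a null-prototype object,
// so keys such as "__proto__" or "toString" are stored as plain data.
function parseQuery(search) {
  const out = Object.create(null);
  // URLSearchParams decodes percent-escapes and '+', keeps '=' inside values,
  // and does not throw on malformed escapes (decodeURIComponent does).
  for (const [key, value] of new URLSearchParams(search)) {
    if (!(key in out)) out[key] = value; // first occurrence wins
  }
  return out;
}

// Characters the HTML parser or older JavaScript engines react to inside a
// <script> block, mapped to JSON-compatible \uXXXX escapes.
const SCRIPT_ESCAPES = {
  '<': '\\u003c', '>': '\\u003e', '&': '\\u0026',
  '\u2028': '\\u2028', '\u2029': '\\u2029',
};

// JSON.stringify alone is not enough for inline script: a value containing
// "</script>" would close the block early. Escape after serializing.
function toInlineScriptLiteral(value) {
  return JSON.stringify(value)
    .replace(/[<>&\u2028\u2029]/g, (c) => SCRIPT_ESCAPES[c]);
}

// Server-side rendering of the parameters into a script block.
function renderPage(search) {
  const literal = toInlineScriptLiteral(parseQuery(search));
  return '<script>var pageParams = ' + literal + ';</script>';
}

// Constructed sample input: markup in a value, a repeated key, '+' and '='
// inside a value, and a malformed percent-escape.
const sample = '?q=%3C%2Fscript%3E%3Cb%3Ehi&q=second&t=a+b%3D%3D&bad=%E0%A4%A';
console.log(renderPage(sample));
```

Whichever side reads the parameters, the values stay attacker-controlled: on the client, write them to the page with textContent rather than innerHTML.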
