[SOLVED] Â Prefill Form via URL Parameters |
5/7/2020 10:48:15 AM |
PHPRunner General questions | |
W
WisTex author
Sometimes it is convenient to prefill forms via URL so that the user has less data entry and you do not have to make multiple versions of the same form.
|
|
admin 5/7/2020 | |
Sure, it is possible, use$_GET["category"] as a default value. |
W
|
WisTex author 5/7/2020 |
Sure, it is possible, use$_GET["category"] as a default value. Just remember that this is not secure.
|
admin 5/7/2020 | |
If one user sends a link to this page to another user and prefills it with a specially crafted Javascript code that can send data somewhere else. The idea is explained here: |
W
|
WisTex author 5/10/2020 |
If one user sends a link to this page to another user and prefills it with a specially crafted Javascript code that can send data somewhere else. The idea is explained here: https://blog.alertlogic.com/blog/client-side-injection-attacks/ I need to add that both PHPRunner and modern browsers are taking measures to prevent this from happening, I just wanted to remind that this is potentially unsafe.
|
admin 5/10/2020 | |
There is a number of ways to do that and the phrase you need to Google is "php sanitize get parameters". This is not specific to PHPRunner in any way. |
W
|
WisTex author 5/10/2020 |
There is a number of ways to do that and the phrase you need to Google is "php sanitize get parameters". This is not specific to PHPRunner in any way.
|