[ColdBox 3.5] Hidden Variables in RC


Chintu

May 9, 2017, 9:54:58 PM
to ColdBox Platform
Hello

I am a new entrant to the ColdBox world. I happened to take over an application to maintain it and was posed with the following requirement: "Remove all Hidden variables from the views". How would I do that and maintain the current functionality? Below is the sample snippet of the code cycle.

--------dspFunction-------

<cffunction name="dspFunction" access="public" returntype="void" output="false">
      <cfset var rc = event.getCollection() />
      <cfset rc.xehInfo =  "ehFunction.doFunction" />
      <cfset rc.emp_name = "John" />

      <cfset Event.setView("ehFunction/vwEmpInfo") />
</cffunction>

-----------View------------

<cfoutput>
<form id="form1" name="form1" action="#cgi.SCRIPT_NAME#" method="post">
    <input name="event" type="hidden" id="event" value="#Event.getValue("xehInfo")#" />
    <input type="hidden" name="Emp_Name" id="Emp_Name" value="#rc.EMP_NAME#">
</form>
</cfoutput>

--------doFunction-------

<cffunction name="doFunction" access="public" returntype="any" output="false">
     <cfset var rc = event.getCollection() />
     <cfset p_emp_name = Trim(rc.Emp_Name) />
</cffunction>

How do I remove the hidden variables and make sure the "do" handler has the rc variables (that are set in "dsp") available?


Thanks

Chintu


br...@bradwood.com

May 9, 2017, 11:23:03 PM
to col...@googlegroups.com
Can you explain what you're trying to accomplish? What is the goal of removing hidden fields? I ask because that changes my answer :) For instance, you could simply move the values in the hidden fields to the query string of the form post, but that wouldn't be good if your goal was to not have that information visible in the browser. In that case, you'd need to use a persistent scope to store that data. This really has nothing to do with ColdBox.
 
And an unrelated note:  you don't need to have rc = event.getCollection() in your handler methods.  ColdBox has been passing rc in the arguments scope for a long time now.
 
Thanks!

~Brad

ColdBox/CommandBox Developer Advocate
Ortus Solutions, Corp

E-mail: br...@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com 
 
 

Chintu

May 10, 2017, 9:10:21 AM
to ColdBox Platform
Thanks Brad. The Client states that it is a security issue as users (essentially hackers) can see the data in the hidden fields and can manipulate them. 

br...@bradwood.com

May 10, 2017, 10:43:13 AM
to col...@googlegroups.com
Ok, that's what I wondered. In that case, the solution is the same as it would be on any CF app.  You'll need to set the data into a persistent scope like session and then retrieve it from there after the form submits.  Just make sure you take care of situations like where the form may sit for a long time and the session times out.
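
The session-scope approach described in the reply above, as an added example that is not part of the original thread or of ColdBox's own code. It assumes session management is enabled for the application; the session key `empForm` is a hypothetical name, and the handler and view names are taken from the question.

```cfml
<!--- handlers/ehFunction.cfc (added example) --->
<cfcomponent extends="coldbox.system.EventHandler" output="false">

    <cffunction name="dspFunction" access="public" returntype="void" output="false">
        <cfargument name="event">
        <cfargument name="rc">

        <!--- Routing target only; it carries no data the server relies on. --->
        <cfset rc.xehInfo = "ehFunction.doFunction" />

        <!--- Server-side copy of what used to be the hidden Emp_Name field.
              "empForm" is a hypothetical key name. --->
        <cfset session.empForm = structNew() />
        <cfset session.empForm.emp_name = "John" />

        <cfset event.setView("ehFunction/vwEmpInfo") />
    </cffunction>

    <cffunction name="doFunction" access="public" returntype="any" output="false">
        <cfargument name="event">
        <cfargument name="rc">
        <cfset var p_emp_name = "" />

        <cfif NOT structKeyExists(session, "empForm")>
            <!--- Session timed out, or the form was posted without going
                  through dspFunction: no trusted value exists, so send the
                  user back to the form instead of falling back to rc. --->
            <cfset setNextEvent("ehFunction.dspFunction") />
        <cfelse>
            <!--- Read from session, never from rc: a posted Emp_Name
                  parameter is ignored even if a client adds one. --->
            <cfset p_emp_name = trim(session.empForm.emp_name) />
            <!--- One submission per rendered form. --->
            <cfset structDelete(session, "empForm") />
        </cfif>
    </cffunction>

</cfcomponent>

<!--- views/ehFunction/vwEmpInfo.cfm: no hidden inputs; the event name
      travels in the form action's query string. --->
<cfoutput>
<form id="form1" name="form1" method="post"
      action="#cgi.SCRIPT_NAME#?event=#URLEncodedFormat(rc.xehInfo)#">
    <input type="submit" value="Save" />
</form>
</cfoutput>
```

Because a single session key is used, two copies of the form open in different tabs share one stored value; keying the struct by a per-form identifier avoids that if the application needs it.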