[jQuery] Re: Is it possible to hide the destination URL of a link?

In your server side i'll create an encripted string to avoid user edition in the url. Looks like this:

 

http://mysite.com?delete=true&id=123&encriptedURL=WXObT4eqDq+8iij5MksGDdaq

 

encriptedURL variable contains the string delete=true&id=123 but in encripted format.

 

After user click, your application will convert the query params and compare with encriptedURL content. It's the same, ok? Otherwise display a message. In ColdFusion I used this code to generate that encripted variable:

 

<cfset yourURL = 'delete=true&id=123'>
<cfset yourURLEncripted = encrypt( yourURL, 'yourkey', 'CFMX_COMPAT', 'Base64' )>

Cheers

Marco Antonio

 

 

On Fri, Jul 31, 2009 at 6:36 AM, Adrian Lynch <adelynch@xxxxxxxxxxxxxx> wrote:

I think you could do something like the following:

<a href="" you want in here" class="id-123">Delete</a>

<script type="text/_javascript_">
       $("a").click(function() {
               var id = $(this).attr("class").split("-")[1];
               this.href = "" + id;
       });
</script>

But this isn't really the solution you want to go with.

Firstly, if you're using links to delete things, what happens if a bot
somehow gets into your site and starts clicking on all those links?
I've heard of people having there admin areas indexed by Google and
all sorts of hell breaking lose!

Make this sort of action happen via a POST request, not a GET.

If in your application deletions should only be done by certain
people, check this in your code before deleting.

Secondly, to solve the issue of a refresh happening and causing an
error, relocate back to the page after you have deleted the item.

You're right to be worried about this, I know that if I saw a URL
with ?action="" in, I'd be tempted to give ?
action="" ?action="" ?action="" a
try too! ;O)

On Jul 31, 12:49 am, Anoop kumar V <anoopkum...@xxxxxxxxx> wrote:
> I have a menu, on which is a delete link. The URL of the link is quite
> plain:http://mysite.com?delete=true&id=123
> (quite obvious I think that the request is to delete the id=123)
>
> I wish to hide the destination URL in the browser from the user - so that it
> shows a harmless url like:http://mysite.com?#or similar. The reasons are
> more aesthetic than anything else. Also the other advantage is once the user
> clicks on the link, and then hits on refresh, the request gets posted again
> and because the id=123 has already been deleted, it will just generate an
> error.. Does that make sense?
>
> I dont mind using ajax for this - but would love if I could get both options
> - ajax and non-ajax.
>
> Thanks,
> Anoop