I have this function that I use to send parameters via QueryString:
<script>
function Enviar(){
var string_request;
usuario = document.getElementById('Usuario').value;
password = document.getElementById('Password').value;
string_request = "Default.asp?Usuario=" + usuario + "&Password=" + password;
window.open(string_request);
}
</script>
The problem is that when entering the Default.asp web page, the user information and password are displayed.
Does anyone know of a way to hide this information?
You would have to pass the parameters in the request body, but unfortunately a GET request doesn't have a body (
body
), so you'll have to use POST.The problem is that this means that you will have to change the code, because loading a new page through a URL always makes a request with the GET method.
Simply create a form (
form
) that points toDefault.asp
and has the username and password as inputs, you don't even need to use Javascript:By having
target="_blank"
, sending the form will open a new tabThe GET Method sends information in the query string. The POST Method sends information in the body of the HTTP request.
Although even in the POST request it is possible to see this information using the browser's communications inspector, it is not visible within the querystring.
If you are sending information from a form you can add the method to use as a parameter of the form
<form id='miforma' method='POST'>