Is it safe to use window.location to query the GET parameters of a page?

advertisements

I'm doing a peer review and I've found people using window.location.search to check what paremetes have been sent to a given (search) page.

Is it safe to do so? I was thinking that we could probably print the parameters in the HTML output inside a script block and verify the printed variables instead of querying window.location.

One thing to note about this approach. window.location is set statically on page load and will not detect changes that the user has made to the address bar after that time. This should not be a concern but it is important to know.

Save the following code as an html file and fire it up in a browser:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <title>test</title>
    </head>
    <body>
        <a href="javascript:void(0);"
                onclick="alert(window.location);">click me</a>
    </body>
</html>

The "click me" anchor will display the current window location onclick. However if you add anything to the address bar and click the link again it will report the same thing it did the first time.

Hopefully this is not a concern and I cannot imagine that it would affect you in any way but it is good to know.

Related Articles

How to redirect without using window.location

If I click a button from page A, the browser will redirect to page B. In page B if I click a another button again it redirects to Page A. Here I used window.location.href to redirect the new page. eg:window.location.href="http:\\localhost:12345\index

Could not load a new page using window.location from java code

I have one interceptor, in which I hv to redirect to main Page if session is invalid. I want to use window.location for same, but giving error. My Interceptor is : @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse res

Can not go back using window.location.href

i am developing an App using Icenium Graphite. at one point i am showing list of people using Kendo Grid which is having Edit button. using this edit button user can edit that particular record. when user clicks on Edit button that record gets open i

ionic: loads a div without using window.location.reload ()

I develop a mobile application using ionic. when someone authentificate, I save his data locally using localStorage and show these information in a div .but when another person want to authentificate after him, the div contains the old informaion .th

can not do window.location.reload () in the ajax call

Problem I am not able to refresh the page with window.location.reload() which is used inside the success call made to yahoo. Any hints how it can be fixed. The whole of the code is working fine it is making call to cse server getting contents from th

Using window.location in joomla 3

I am working on a project that someone already done in joomla. I have to fix some issues in there. They have a place order component in joomla 3.0. There are two options in main page. One is placing a regular order and other is special order. They ar

How to use window.location.href

I making "select" which options are 'Edit', 'Delete'. When I click "Edit", the page goes to the "edit_product.jsp" well. But when I click "Delete", the page goes to the "edit_product.jsp" again, not "