[MGNLFORM-142] Parameters in URL are everytime lost after form submission Created: 28/Nov/12 Updated: 26/Mar/13 Resolved: 06/Dec/12 |
|
| Status: | Closed |
| Project: | Magnolia Form Module |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 1.3.5, 1.4.4 |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Jaroslav Simak | Assignee: | Jaroslav Simak |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Template: |
|
||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||||||||||
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
||||||||||||||||
| Date of First Response: | |||||||||||||||||
| Description |
|
Suppose we have page with form and user entered here from this url www.example.com/some-site-with-form?userId=some-id. To preveserve parameters, use flag redirectWithParams=true. |
| Comments |
| Comment by Jaroslav Simak [ 03/Dec/12 ] |
|
It is now possible preserve parameters which are in url by setting flag redirectWithParams to true in form definition. |
| Comment by Jan Haderka [ 04/Dec/12 ] |
|
Since you add loading of params from request in this ticket, you also need to add tests for XSS attack to the tests to make sure JS is escaped when someone attempts to inject it. The relation should be set as dependency ... pur ticket depends on this to get fixed. Also associated support ticket is against Magnolia 4.4 which was released w/ Form 1.2.x and Pur 1.3.x if I'm not mistaken so you need to backport your changes as well. |
| Comment by Jaroslav Simak [ 04/Dec/12 ] |
|
I followed fix version in |
| Comment by Jaroslav Simak [ 05/Dec/12 ] |
I don't see any reason to add escaping here because these parameters are meant to use internally. If someone wants to display them in template, there is TemplatingFunctions#decode(Node) function. Or am i missing something? |