[MGNLFORM-142] Parameters in URL are everytime lost after form submission Created: 28/Nov/12  Updated: 26/Mar/13  Resolved: 06/Dec/12

Status: Closed
Project: Magnolia Form Module
Component/s: None
Affects Version/s: None
Fix Version/s: 1.3.5, 1.4.4

Type: Bug Priority: Neutral
Reporter: Jaroslav Simak Assignee: Jaroslav Simak
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
is depended upon by MGNLPUR-69 Provide a way to change password with... Closed
duplicate
is duplicated by MGNLFORM-162 mobile: when submitting forms preview... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

Suppose we have page with form and user entered here from this url www.example.com/some-site-with-form?userId=some-id.
User fills some values in form and submits it. Form then validates values but some of them are wrong. User is now redirected to the same page but parameter userId=some-id is lost.
I think this should not always throw away all params, in some cases we might want those parameters preserved.

To preveserve parameters, use flag redirectWithParams=true.



 Comments   
Comment by Jaroslav Simak [ 03/Dec/12 ]

It is now possible preserve parameters which are in url by setting flag redirectWithParams to true in form definition.

Comment by Jan Haderka [ 04/Dec/12 ]

Since you add loading of params from request in this ticket, you also need to add tests for XSS attack to the tests to make sure JS is escaped when someone attempts to inject it.

The relation should be set as dependency ... pur ticket depends on this to get fixed. Also associated support ticket is against Magnolia 4.4 which was released w/ Form 1.2.x and Pur 1.3.x if I'm not mistaken so you need to backport your changes as well.

Comment by Jaroslav Simak [ 04/Dec/12 ]

I followed fix version in MGNLPUR-69 therefore i decided to not backport it. I will add fix versions for form 1.3.x and pur 1.3.x in related tickets then.

Comment by Jaroslav Simak [ 05/Dec/12 ]

Since you add loading of params from request in this ticket, you also need to add tests for XSS attack to the tests to make sure JS is escaped when someone attempts to inject it.

I don't see any reason to add escaping here because these parameters are meant to use internally. If someone wants to display them in template, there is TemplatingFunctions#decode(Node) function. Or am i missing something?

Generated at Mon Feb 12 05:37:16 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.