A common way of requesting the execution of scripts through url/post parameters?_问答_开发者

A common way of requesting the execution of scripts through url/post parameters?

开发者 https://www.devze.com 2023-03-25 04:36 出处：网络

We are implementing a fly out messaging system that will normally fly out while the user interact开发者_如何转开发s with a page, but sometimes will need to fly out after a page loads.

For example, after setting a password through AJAX we would like to return to a home page and, once that page is loaded, show a "Your Password has been changed" message.

We will use Coldfusion to create the actual JavaScript calls and write them in the HTML.

My question is if there is a standard way for requesting the execution of scripts through url/form parameters?

I lean in favor of using one form parameter that that is a JSON string containing the proper function call string and parameters.

A good way to do what you're talking about is to use a convention of "data-" parameters on your <body> tag, or something similar.

<body data-startmsg='Password successfully changed'>
  <!-- whole page of whatever -->
</body>

Now your JavaScript — which doesn't have to be inline script on the page — just needs a "ready" or "load" handler where it can check for a "data-startmsg" attribute on the <body>, showing the popup of it's there.

There are lots of variations, depending on the complexity of your messaging system. For example if the popups might require more elaborate layout or form inputs or stuff like that, you could just dump that onto the page as <div> (or <aside> I guess) elements with a class that makes them hidden until the popup code can find them.

edit — to elaborate further, I think that making your client-side code work as you describe on the bases of components of the URL is probably a fairly bad idea, because it makes your pages potentially more vulnerable to more kinds of XSS attack vectors. By having the JavaScript code take its cues only from parts of the page that were set up completely by secure code on the server, you make it harder for attacks to exploit some weakness in parameter scrubbing, because in that setup the client-side code would happily obey parameters in the URL that you may not have intended.