21

Possible Duplicate:
Can PHP read the hash portion of the URL?

The (famous?) web site mega.co.nz uses a hash mark in URLs to link to encrypted files; the portion of the URL after the hash mark contains a password, and encryption is claimed to happen on the client side. It is certainly feasible to use javascript for client-side encryption but … isn't the URL sent to the server, thus revealing the password to the server itself?

The URL looks like 

https://example.com/#!encryptedfilename_password
Community
  • 1
  • 1
vincenzoml
  • 413
  • 1
  • 3
  • 10

1 Answers1

32

Fragment identifiers are not sent to the server. The hash fragment is used by the browser to link to elements within the same page.

aziz punjani
  • 25,586
  • 9
  • 47
  • 56
  • Thanks! Yes indeed it is in a sense a duplicate of http://stackoverflow.com/questions/940905/can-php-read-the-hash-portion-of-the-url , where it is also explained how to use javascript to read fragment identifier – vincenzoml Jan 22 '13 at 15:52