0

I am a newbie in PHP. I have seen some web applications that have only index.php showing in the browser's address bar. When you hover the mouse pointer over a link, you see that the link shows together with the variables required for the next page. However, when you click on the link, the address bar still shows index.php. If one enters the variables directly in the address bar, it takes you back to the home page.

How is this done?

Gatura
  • 1
    Do you have an example of such a page? By the way, this does _not_ sound like cross-site scripting (which is a security hole in which a user can enter e.g. JavaScript code which will be executed in another user's browser when he opens a page). – Aasmund Eldhuset Jun 06 '11 at 10:03
  • 1
    It is done by using JavaScript to replace all the content. Generally you shouldn't do that, and when you do you should [take steps to make URLs work](https://github.com/blog/760-the-tree-slider). Links are the foundation of the web, and you need working URLs for them. – Quentin Jun 06 '11 at 10:05
  • 1
    I don't think this has anything to do with XSS. Anyway, I think this is bad design. Your URL should be readable, and should allow users to navigate through it if they know how. – Ortiga Jun 06 '11 at 10:06

4 Answers

1

A common way to do this is using AJAX or jQuery, allowing you to place content from other pages within an element of your main page, not causing a browser page refresh, while still having the same page in the URL.

José Valente
1

Using the Firebug extension for Firefox, on the Network tab, you can inspect what is sent to the server and how.

aligot
0

This can be done with some success by checking the HTTP Referer header.

Oswald
  • The HTTP Referer check is used as an addition to a token for CSRF prevention. To block XSS, good filtering (whitelist/blacklist) is more common. – Sascha Galley Jun 06 '11 at 10:11
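
An added example (not code from any of the posters) of the Referer check from the answer above combined with the per-session token mentioned in the comment, as an index.php front controller that sends direct requests back to the home page. The host name, the `page` and `token` parameter names and the function name are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical site host (assumption); replace with your own.
const EXPECTED_HOST = 'www.example.com';

// True only if the Referer names our own host AND the request carries the
// token stored in the session. The Referer is client-supplied: it may be
// absent (typed URL, privacy settings) or forged, so the token decides.
function request_is_internal(array $server, array $query, array $session): bool
{
    $refHost = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    // Compare the parsed host exactly; a substring match would also accept
    // a host such as www.example.com.attacker.test.
    if (!is_string($refHost) || strcasecmp($refHost, EXPECTED_HOST) !== 0) {
        return false;
    }
    $expected = $session['token'] ?? '';
    $given    = $query['token'] ?? '';
    return is_string($expected) && is_string($given)
        && $expected !== '' && hash_equals($expected, $given);
}

if (PHP_SAPI !== 'cli') {
    session_start();
    if (empty($_SESSION['token'])) {
        $_SESSION['token'] = bin2hex(random_bytes(32)); // unguessable per session
    }
    $page = $_GET['page'] ?? 'home';
    if ($page !== 'home' && !request_is_internal($_SERVER, $_GET, $_SESSION)) {
        header('Location: index.php', true, 302); // typed-in variables: back to home
        exit;
    }
    // Links generated by the site carry the session token.
    $link = 'index.php?' . http_build_query(['page' => 'about', 'token' => $_SESSION['token']]);
    echo '<a href="' . htmlspecialchars($link, ENT_QUOTES) . '">About</a>';
} else {
    // Constructed sample requests, so the check can be tried with `php index.php`.
    $session = ['token' => 'abc123'];
    $query   = ['page' => 'about', 'token' => 'abc123'];
    $own     = ['HTTP_REFERER' => 'https://www.example.com/index.php'];
    $similar = ['HTTP_REFERER' => 'https://www.example.com.attacker.test/'];
    var_dump(request_is_internal($own, $query, $session));                // bool(true)
    var_dump(request_is_internal([], $query, $session));                  // bool(false)
    var_dump(request_is_internal($similar, $query, $session));            // bool(false)
    var_dump(request_is_internal($own, ['page' => 'about'], $session));   // bool(false)
}
```
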
0

Here is a link on how to do it: Beautiful way to remove GET-variables with PHP. Also check using htaccess.

Community
Gatura