pharo-users@lists.pharo.org

Any question about pharo is welcome


Using ZnResponse>>#redirect: to pass an error message

vinref@gmail.com
Tue, Dec 13, 2022 3:10 AM

Hello

I catch an error like this:

[ self insertNewUser.
  ZnResponse redirect: self request url ] on: TbDbError do: [ :err | | ent |
  ZnResponse redirect: '/error/db_error' ].

I would like to pass

err messageText 

to the page at: ‘/error/db_error’, to display to the user. I prefer not to cache it in a session or use a JS hack to do it. Does someone have a strategy for passing objects via a ZnResponse instance? I did try

ZnResponse redirect: aUrl entity: anEntity

but the entity is discarded by the time it gets to the page.

Vince

vinref@gmail.com
Tue, Dec 13, 2022 4:51 AM

Hi

To answer my own question, I passed the error message as a parameter in the url:

[ self insertNewUser.
  ZnResponse redirect: self request url ] on: TbDbError do: [ :err | | url |
  url := (ZnUrl fromString: 'error/db_error/')
    queryAt: 'msg' put: err messageText;
    yourself.
  ZnResponse redirect: url ]

Vince

vinref@gmail.com
Tue, Dec 13, 2022 8:22 AM

Hi again

Unfortunately the solution I came up with above is vulnerable to a cross-site scripting (XSS) attack. The solution takes the parameter passed in from the URL and shows it to the user. An attacker can insert a script and send the link to a user, for instance. Please do not do this.

You can mitigate the XSS attack with CSP (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src), but it can be tricky to get right.

Back to square one.

Vince
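
Escaping the value where it is written into the page is the direct fix for the reflection described in the last message, with CSP as a second layer. The Playground script below is an added example, not code from the thread: the `msg` parameter name comes from the second message, while the block names, the hand-written escaping routine and the sample URL are constructed for illustration.

```smalltalk
"Added example (Playground script), not code from the thread.
 Block names, the escaping routine and the sample URL are constructed."
| replacements escapeHtml renderErrorPage request response |

"Characters that can change HTML structure, mapped to their entity form."
replacements := Dictionary new.
replacements
	at: $& put: '&amp;';
	at: $< put: '&lt;';
	at: $> put: '&gt;';
	at: $" put: '&quot;';
	at: $' put: '&#39;'.

"Copy the string, substituting an entity for every significant character."
escapeHtml := [ :aString |
	String streamContents: [ :out |
		aString do: [ :ch |
			out nextPutAll: (replacements at: ch ifAbsent: [ String with: ch ]) ] ] ].

"Handler for the error page: the query value is untrusted input, so it is
 escaped before being placed in the response body. A missing parameter
 falls back to a fixed text."
renderErrorPage := [ :aRequest | | msg |
	msg := aRequest url queryAt: 'msg' ifAbsent: [ 'Unknown error' ].
	ZnResponse ok: (ZnEntity html:
		'<html><body><p class="error">', (escapeHtml value: msg), '</p></body></html>') ].

"Constructed request whose msg parameter carries markup instead of plain text."
request := ZnRequest get: ((ZnUrl fromString: 'http://localhost/error/db_error')
	queryAt: 'msg' put: '<script>alert(1)</script>';
	yourself).
response := renderErrorPage value: request.

"Inspect the rendered body to confirm the value arrives as text, not as elements."
response entity string
```

The same escaping applies to any other place the value is written, and the quote entities matter as soon as it is placed inside an HTML attribute.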
