Hello
I catch an error like this:
[ self insertNewUser.
ZnResponse redirect: self request url ] on: TbDbError do: [ :err | | ent |
ZnResponse redirect: '/error/db_error' ] ].
I would like to pass
err messageText
to the page at: ‘/error/db_error’, to display to the user. I prefer not to cache it is a session or use a Js hack to do it. Does someone have a strategy for passing objects via a ZnResponse instance? I did try
ZnResponse redirect: aUrl entity: anEntity
but the entity is discarded by the time it gets to the page.
Vince
Hi
To answer my own question, I passed the error message as a parameter in the url:
[ self insertNewUser.
ZnResponse redirect: self request url ] on: TbDbError do: [ :err | | url |
url := (ZnUrl fromString: 'error/db_error/')
queryAt: 'msg' put: err messageText;
yourself.
ZnResponse redirect: url ]
Vince
Hi again
Unfortunately the solution I came up with above is vulnerable to cross-site scripting attack (XSS). The solution takes the parameter passed in from the url and shows it to the user. An attacker can insert a script and send the link to a user for instance. Please do not do this.
You can mitigate the XSS attack with CSP (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src), but it can be tricky to get right.
Back to square one.
Vince