
It's about search and paging functions.

This shows keyWord and keyField correctly on the console when I search for a keyWord.

<% 
String keyWord = (String)request.getParameter("keyWord");
String keyField = (String)request.getParameter("keyField");
System.out.println(keyWord);
System.out.println(keyField);
%>

But this doesn't work. The address appears like this; it didn't get the data from the JavaScript code.

http://localhost:8090/mvcBoard/list.do?page=2&keyWord=&keyField=

 function PageMove(page){
        var keyWord = '<%request.getParameter("keyword");%>';
        var keyField = '<%request.getParameter("keyField");%>'; 
        console.log(keyWord);
        location.href = "list.do?page="+page+"&keyWord=" + keyWord + "&keyField=" + keyField;
     }

But this works!

location.href = "list.do?page="+page;

This is list.jsp:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<% 
String keyWord = (String)request.getParameter("keyWord");
String keyField = (String)request.getParameter("keyField");
System.out.println(keyWord);
System.out.println(keyField);
%>
<script>

    function searchCheck(frm){
        // search
        if(frm.keyWord.value ==""){
            alert("검색 단어를 입력하세요.");
            frm.keyWord.focus();
            return;
        }
        frm.submit();      
    }


    function PageMove(page){
        var keyWord = '<%request.getParameter("keyword");%>';
        var keyField = '<%request.getParameter("keyField");%>';

        console.log(keyWord);
        if(keyWord){
       location.href = "list.do?page="+page+"&keyWord=" + keyWord + "&keyField=" + keyField;
        }
        location.href = "list.do?page="+page+"&keyWord=" + keyWord + "&keyField=" + keyField;
     }


</script>

</head>
<body>  


    <table width="800" cellpadding="0" cellspacing="0" border="1">
        <tr>
            <td>번호</td>
            <td>이름</td>
            <td>제목</td>
            <td>날짜</td>
            <td>조히수</td>
        </tr>
        <c:forEach items="${list}" var="dto">
        <tr>
            <td>${dto.bId}</td>
            <td>${dto.bName}</td>
            <td>
                <c:forEach begin="1" end="${dto.bIndent}">-</c:forEach>
                <a href="content_view.do?bId=${dto.bId}">${dto.bTitle}</a></td>
            <td>${dto.bDate}</td>
            <td>${dto.bHit}</td>
        </tr>
        </c:forEach>
        <tr>
            <td colspan="5">
                <form action="list.do" method="post" name="search">
                <select name="keyField">
                    <option value="bTitle">글 제목</option>
                    <option value="bContent">글 내용</option>
                    <option value="bName">작성자</option>
                </select>
                <input type="text" name="keyWord">
                <input type="button" value="검색" onclick="searchCheck(form)">
                <input type="hidden"  id=keyField value="${paging.keyField}">
                <input type="hidden" id=keyWord   value="${paging.keyWord}"> 
                </form>
            </td>
        </tr>


        <tr>
            <td colspan="5"> <a href="write_view.do">글작성</a> </td>
        </tr>
    </table>
<%--    <%=PageAction.pageNumber() %>
     --%>
    <div class="toolbar-bottom">
  <div class="toolbar mt-lg">
    <div class="sorter">
      <ul class="pagination">
        <li><a href="javascript:PageMove(${paging.firstPageNo})">맨앞으로</a></li>
        <li><a href="javascript:PageMove(${paging.prevPageNo})">앞으로</a></li>
              <c:forEach var="i" begin="${paging.startPageNo}" end="${paging.endPageNo}" step="1">
                  <c:choose>
                      <c:when test="${i eq paging.pageNo}">
                <li class="active"><a href="javascript:PageMove(${i})">${i}</a></li>
                      </c:when>
                      <c:otherwise>
                        <li><a href="javascript:PageMove(${i})">${i}</a></li>
                      </c:otherwise>
                  </c:choose>
              </c:forEach>
        <li><a href="javascript:PageMove(${paging.nextPageNo})">뒤로</a></li>
        <li><a href="javascript:PageMove(${paging.finalPageNo})">맨뒤로</a></li>
      </ul>
    </div>
  </div>
</div>


</body>
</html>
    You have multiple XSS vulnerabilities. Commented Oct 18, 2018 at 1:52

1 Answer


For a start, this code looks wrong:

<input type="hidden" value="${paging.getkeyField()}">
<input type="hidden" value="${paging.getKeyWord()}"> 

Change it to the same format as paging.nextPageNo:

<input type="hidden" value="${paging.keyField}">
<input type="hidden" value="${paging.keyWord}"> 

Next, you either add an id to these hidden fields (and get the value using JavaScript or jQuery):

<input type="hidden" id="kf" value="${paging.keyField}">

Or use the same parameter passing as paging.nextPageNo to PageMove:

javascript:PageMove(${paging.nextPageNo}, ${paging.keyField}); // etc

4 Comments

It doesn't work. When I get data from <%request.getParameter("keyWord"); %> it shows the data well, but I can't transfer it to the JavaScript code.
When you store it in hidden fields, is the value there?
I edited list.jsp like this: <input type="hidden" id=keyField value="${paging.keyField}"> in the search form, but it seems there is no value for the first page, so it doesn't work.
Yes, I thought your code was wrong there. It looks like "${keyField}" may work, as it seems to be part of the request.
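
One way to write PageMove along the lines of the answer's hidden-field suggestion, as an added example that is not code from the question or the answer: it reads keyWord and keyField from the hidden inputs instead of writing request parameters into the script, restricts keyField to the three option values in list.jsp, and percent-encodes the query string. The names readSearchState, buildPageUrl and ALLOWED_KEY_FIELDS are hypothetical.

```javascript
// Added example: helper names are hypothetical; the field ids and the
// keyField option values are the ones used in list.jsp above.
const ALLOWED_KEY_FIELDS = ["bTitle", "bContent", "bName"];

// Read the values the server rendered into the hidden inputs
// (<input type="hidden" id="keyWord" ...>). Reading them from the DOM keeps
// request data out of the script source itself.
function readSearchState(doc) {
  const value = (id) => {
    const el = doc.getElementById(id);
    return el && typeof el.value === "string" ? el.value : "";
  };
  return { keyWord: value("keyWord"), keyField: value("keyField") };
}

// Build the paging URL: page must be a positive integer, keyField must be
// one of the known column names, and keyWord is percent-encoded.
function buildPageUrl(page, state) {
  const pageNo = Number(page);
  if (!Number.isInteger(pageNo) || pageNo < 1) {
    throw new RangeError("invalid page number");
  }
  const params = new URLSearchParams({ page: String(pageNo) });
  if (state.keyWord && ALLOWED_KEY_FIELDS.includes(state.keyField)) {
    params.set("keyWord", state.keyWord);
    params.set("keyField", state.keyField);
  }
  return "list.do?" + params.toString();
}

// Replacement for PageMove(page) in the browser.
function PageMove(page) {
  location.href = buildPageUrl(page, readSearchState(document));
}

// Constructed sample: a stub standing in for the page's hidden inputs.
const sampleDoc = {
  getElementById: (id) =>
    ({ keyWord: { value: "a&b '</script>" }, keyField: { value: "bTitle" } })[id] || null,
};
console.log(buildPageUrl(2, readSearchState(sampleDoc)));
```

The hidden inputs themselves should be rendered with `<c:out value="${paging.keyWord}"/>` (JSTL escapes XML by default) so the value is HTML-escaped inside the attribute.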
