0

I am a newbie in PHP. I have seen some web applications that have only index.php showing in the browser's address bar. When you put the mouse pointer over the links, you see that they show together with the variables required for the next page. However, when you click on a link, the address bar still shows index.php. If one enters the variables directly in the address bar, it takes you back to the home page.

How is this done?

3
  • 1
    Do you have an example of such a page? By the way, this does not sound like cross-site scripting (which is a security hole in which a user can enter e.g. JavaScript code which will be executed in another user's browser when he opens a page). Commented Jun 6, 2011 at 10:03
  • 1
    It is done by using JavaScript to replace all the content. Generally you shouldn't do that, and when you do you should take steps to make URLs work. Links are the foundation of the web, and you need working URLs for them. Commented Jun 6, 2011 at 10:05
  • 1
    I don't think this has anything to do with XSS. Anyway, I think this is bad design. Your URL should be readable, and should allow users to navigate through it if they know how. Commented Jun 6, 2011 at 10:06

4 Answers

1

A common way to do this is using AJAX or jQuery, allowing you to place content from other pages within an element of your main page, not causing a browser page refresh, while still having the same page in the URL.


1

Using the Firebug extension for Firefox, on the Network tab, you can inspect what is sent to the server and how.


0

This can be done with some success by checking the HTTP Referer header.

1 Comment

The HTTP Referer check is used as an addition to a token for CSRF prevention. To block XSS, good filtering (whitelist/blacklist) is more common.
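The combination described in the comment above (a per-session token as the main control, with the Referer host as an extra check), as an added example that is not part of the original thread. The function names, the host `example.test` and the sample requests are hypothetical and constructed for illustration; rejecting a missing Referer is an assumed policy.

```php
<?php
// Added example: helper names are hypothetical, sample requests are constructed.

function issueToken(array &$session): string
{
    // One random token per session, embedded in every form the site renders.
    $session['csrf'] = bin2hex(random_bytes(32));
    return $session['csrf'];
}

function refererIsSameSite(?string $referer, string $expectedHost): bool
{
    if ($referer === null || $referer === '') {
        return false; // assumed strict policy: the header is often stripped in transit
    }
    $host = parse_url($referer, PHP_URL_HOST);
    // Compare the parsed host exactly; a substring match would also accept
    // https://example.test.other.invalid/
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

function requestAllowed(array $session, array $post, array $server, string $expectedHost): bool
{
    $sent = $post['csrf'] ?? '';
    // The token is the primary control; hash_equals compares in constant time.
    $tokenOk = isset($session['csrf']) && is_string($sent)
        && hash_equals($session['csrf'], $sent);
    // The Referer check is only an addition on top of the token.
    return $tokenOk && refererIsSameSite($server['HTTP_REFERER'] ?? null, $expectedHost);
}

// Constructed sample requests against a site served from example.test
$session = [];
$token = issueToken($session);
$good = 'https://example.test/index.php';
$cases = [
    'valid token, same-site referer' => [['csrf' => $token], ['HTTP_REFERER' => $good]],
    'missing token, same-site referer' => [[], ['HTTP_REFERER' => $good]],
    'valid token, foreign referer' => [['csrf' => $token], ['HTTP_REFERER' => 'https://other.invalid/']],
    'valid token, lookalike host' => [['csrf' => $token], ['HTTP_REFERER' => 'https://example.test.other.invalid/']],
    'valid token, no referer' => [['csrf' => $token], []],
];
foreach ($cases as $name => [$post, $server]) {
    $verdict = requestAllowed($session, $post, $server, 'example.test') ? 'allow' : 'reject';
    printf("%-34s %s\n", $name, $verdict);
}
```

The Referer header is supplied by the client, so on its own it only shows where a cooperating browser says the request came from; the session-bound token is what a third-party page cannot supply.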
0

Here is a link on how to do it: Beautiful way to remove GET-variables with PHP. Also check using htaccess.
