为什么此代码中的表单DOM对象值未更新？

Question

I am using javascript to generate a password checksum using the built-in SubtleCrypto.digest() function. This function returns the result as a promise object which is then passed to an inline function that converts the result to a text representation of the hex bytes. The problem is that the inline text conversion function digToHex() is not updating the hidden fields in the DOM which are then submitted to the server in a POST request.

The function is called via an onclick() event attached to the button on the form. It reads the password input typed in by the user on the form and passes that to the digestMsg() function for generating the hash.

Please note that I am aware of the security issues around SHA-1 . At present this is proof of concept only.

I have observed the output in Chrome developer tools, both on the console and network tab. I have also monitored the incoming request on the server (an IOT device). The submitted values are always null. The digToHex() function seems to be generating a hash because the hash does appear as the value of chk.value in the console tab. As can be seen from the code, I have tried assignments and form submission both outside and inside the context of the digestMsg() promise handler.

function reboot() {
    var msg = document.querySelector('#pwd1').value;

    // Test purposes only
    var opt = document.querySelector('[name = "opt"]');
    var chk = document.querySelector('[name = "chk1"]');
    // Test purposes only

    digestMsg(msg).then(result=>{
        var opt = document.querySelector('[name = "opt"]');
        var chk = document.querySelector('[name = "chk1"]');
        opt.value = 3;
        chk.value = digToHex(result);
        // document.querySelector('form').submit();

    console.log(opt.value);
    console.log(chk.value);

    });
    // form.submit();

    alert("Result: " + opt.value + " - " + chk.value);
}

function digToHex(buf) {
    const bytes = new Uint8Array(buf);
    const hexCodes = [...bytes].map(value => {
        const hexCode = value.toString(16);
        const padHexCode = hexCode.padStart(2, '0');
        return padHexCode;
    });
    return hexCodes.join('');
}

function digestMsg(msg) {
    const enc = new TextEncoder();
    const data = enc.encode(msg);
    return window.crypto.subtle.digest('SHA-1', data);
}

When either of the two sumbit() lines were uncommented, null values were received on the server but Chrome developer tools shows the correct values on the console output. Further investigation of the network output tab in developer tools confirms that null values are actually being transmitted. I would expect to see "opt" with a value of 3 and chk1 with value containing the hash.

This is the HTML that calls the code:

<form method="post" action="/admin">
<input name="chk1" value="" hidden/>
<input name="chk2" value="" hidden/>
<input name="opt" value=0 hidden/>
<table>
<tr><th>Current password:</th><td><input id="pwd1" type="password">        </input></input></td>
<tr><th>New password:</th><td><input id="pwd2" type="password"></input></input></td>
<tr><th>Confirm new password:</th><td><input id="pwd3" type="password"></input></input></td>
<tr><th></th><td align="right"><input type="submit" class="btn" value="Change" onclick="change()"/></td></tr>
<tr><th></th><td><br></td></tr>
<tr><th>Defaults</th><td align="right"><input type="submit" class="btn" value="Reset" onclick="reset()"/></td></tr>
<tr><th>Restart WiFi</th><td align="right"><input type="button" class="btn" value="Reboot" onclick="reboot()"/></td></tr>
</table>
</form>

Further testing as per Marius shows that the code does actually work with a static html page. The problem would therefore appear to be related to the way I am dynamically loading the html for each form. I attach the html for the main (parent) page below:

<html>
<head>
<meta charset="utf-8">
<title>AR488 WiFi Configuration</title>
<link rel="stylesheet" href="AR488wifi.css">
<script defer src="AR488wifi.js"></script> 
</head>
<body onload="getPage('seeStat.html')";>
<div class="mpage">
<div class="headr">AR488 WiFi Configuration</div>
<div>
<ul>
<li id="mStat" class="active"><a onclick="getPage('seeStat.html')">Status</a></li>
<li id="mGen"><a onclick="getPage('cfgGen.div')">General</a></li>
<li id="mWifi"><a onclick="getPage('cfgWifi.div')">WiFi</a></li>
<li id="m488"><a onclick="getPage('cfg488.div')">GPIB</a></li>
<li id="mAdm"><a onclick="getPage('cfgAdm.div')">Admin</a></li>
</ul>
</div>
<hr>
<div id="cfgPage" class="conf">
</div>
<div>
<hr>
<table class="foot"><tr>
<td>AR488 WiFi ver: 0.00.00</td>
<td>Firmware ver: 0.00.00</td>
</tr></table>
</div>
</div>
</body>
</html>

Answer 1

Your code seems fine. I've copied what you have and added some HTML to simulate this. Make sure the fields aren't disabled.

 reboot(); function reboot() { var msg = document.querySelector('#pwd1').value; // Test purposes only var opt = document.querySelector('[name = "opt"]'); var chk = document.querySelector('[name = "chk1"]'); // Test purposes only digestMsg(msg).then(result=>{ var opt = document.querySelector('[name = "opt"]'); var chk = document.querySelector('[name = "chk1"]'); opt.value = 3; chk.value = digToHex(result); console.log(opt.value); console.log(chk.value); }); } function digToHex(buf) { const bytes = new Uint8Array(buf); const hexCodes = [...bytes].map(value => { const hexCode = value.toString(16); const padHexCode = hexCode.padStart(2, '0'); return padHexCode; }); return hexCodes.join(''); } function digestMsg(msg) { const enc = new TextEncoder(); const data = enc.encode(msg); return window.crypto.subtle.digest('SHA-1', data); } 

 <input type="password" id="pwd1" value="test" /> <input type="text" name="opt" /> <input type="text" name="chk1" /> 

Answer 2

I believe I have found a solution!

In my original code I was using querySelector() to obtain a reference to the form object which was immediately passed to submit but after processing was done:

document.querySelector('form').submit();

The form was being submitted with "opt" set to '0' - a numeric value that I had specifically set - not null or undefined, so this command appeared to be creating a reference to the original unmodified form which was then immediately submitted.

I experimented by creating a reference to the form in the context of the digestMsg() handler before processing took place with:

var formObj = document.querySelector('form');

After processing the form and updating values it was then submitted with:

formObj.submit();

This time, the form submitted with the correct updated values. The adjusted code (minus various test alerts) now looks like this:

function reboot() {
    var msg = document.querySelector('#pwd1').value;
    digestMsg(msg).then(result=>{
        var formObj = document.querySelector('form');
        var opt = document.querySelector('[name = "opt"]');
        var chk = document.querySelector('[name = "chk1"]');
        opt.value = 3;
        chk.value = digToHex(result);
        formObj.submit();
    });
}

I would be interested to know WHY the first command created a reference to the original modified form and did not take into account the updated values? In both cases things seem to happen in the same order - the form is loaded into the browser, the values are updated and the form is submitted. Also, why did the original version did work with a static HTML page but not with a dynamically loaded form? If anyone has an explanation I would be eager to hear it.

In the meantime, thanks for the helpful comments which have helped me focus my thinking and arrive at a solution.

The above is just proof of concept and further validation and adjustments will be required to achieve an actual working form.