Hello,
I’m developing a web application that contains a list of various elements. My idea is that after a click on one of the elements, a new page opens with the details of the clicked element. For that, at this point, I have to put something that identifies the element for me: <div class="elem" data-id="2">.
Right now, the rows of my list are being rendered as follows (I am using .NET MVC):
@foreach (KnowAcquisitionParticipant participant in Model.Participants)
{
    <div class="famo-row famo-body-row" data-is-new-participant="no" data-id="@participant.Employee.ID">
        <div class="famo-cell famo-col-1">
            <select class="famo-input famo-text-10" name="participantID">
                <option value=""></option>
                @foreach (Employee employee in Model.Employees)
                {
                    <option value="@employee.ID" @(employee.ID == participant.Employee.ID ? "selected" : string.Empty)>@employee.Name</option>
                }
            </select>
        </div>
        <div class="famo-cell famo-col-2">
            <input type="text" class="famo-input famo-text-10" name="totalHours" value="@(participant.TotalHours.HasValue ? participant.TotalHours.Value.ToString() : string.Empty)" />
        </div>
        <div class="famo-cell famo-col-3">
            <input type="text" class="famo-input famo-text-10" name="activeHours" value="@(participant.ActiveHours.HasValue ? participant.ActiveHours.Value.ToString() : string.Empty)" />
        </div>
        <div class="famo-cell famo-col-4 text-center">
            <button type="button" class="famo-button famo-cancel-button button-delete-participant">
                <span class="fa fa-trash"></span>
            </button>
        </div>
    </div>
}
However, I think someone can easily change the value of data-id and end up on a page other than the one they were supposed to (I have a process that validates on the server whether or not the user has access).
I’ve been looking at other sites like Gmail or Outlook.com and I don’t think they have identifiers for emails, and even when they seem to have them, I change them but the correct email always opens.
How is it possible?
You can do that N different ways. Is this HTML of yours static or generated with JavaScript? Can you post this code and/or the code that opens the other page?
– Sergio
@Sergio I am using .NET MVC with Razor Views. I fetch the information from an API and then put it in the HTML with a for loop
– António Garcez
Is this for loop JavaScript or server side? Can you click [Edit] and put this loop in the question?
– Sergio
@Sergio I already edited the question and it now has the loop. The loop is server side.
– António Garcez
"other sites like Gmail or Outlook.com and I don’t think they have identifiers for emails" isn’t true. In Gmail each email is in one <tr>, example taken from the inspector: <tr class="zA yO x7" jsmodel="nXDxbd" id=":jjj" tabindex="-1" aria-labelledby=":2u" draggable="true">. If you notice, the id=":jjj" (which I changed, for example) is the identifier, and once it is changed the respective email can no longer be opened. I invite you to do this experiment.
– Isac
@Isac you're absolutely right, if you change the id=":jjj" to something else, the email stops opening, but the test I did was swapping the ids of two emails to see if clicking one would open the other, and that’s not what happens
– António Garcez
Are you saying that if you swap the ids of the emails with each other, each one keeps opening the same email and not the swapped one?
– Isac
@Isac Yes, that’s it
– António Garcez
Yes, it does, which means they’re not just based on id. It must also be based on other information
– Isac
Exactly, they must be using another back check. I’d like to know what kind of check they do.
– António Garcez
I’m also intrigued now. When I have a little time I’ll see if I can run some tests to figure out what exactly they’re doing
– Isac
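One way to make an edited data-id fail on the server while keeping the access check the question already mentions, as an added example that is not part of the original question or comments and is not a description of what Gmail does. It assumes .NET 6 or later; DetailsDemo, Access, Key and the user names are hypothetical, and the sample data is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class DetailsDemo
{
    // Constructed sample data: element ids each user is allowed to open.
    static readonly Dictionary<string, HashSet<int>> Access = new Dictionary<string, HashSet<int>>
    {
        ["alice"] = new HashSet<int> { 1, 2 },
        ["bob"] = new HashSet<int> { 3 },
    };

    // Hypothetical secret, constructed for the demo; keep a real one in protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");

    static string Tag(string user, int id)
    {
        using var h = new HMACSHA256(Key);
        return Convert.ToBase64String(h.ComputeHash(Encoding.UTF8.GetBytes($"{user}:{id}")));
    }

    // Value the view would render into data-id: "<id>.<HMAC over user and id>".
    public static string Render(string user, int id) => $"{id}.{Tag(user, id)}";

    // Server-side handler for the click; returns an HTTP-style status code.
    public static int Open(string user, string dataId)
    {
        string[] parts = (dataId ?? "").Split('.', 2);
        if (parts.Length != 2 || !int.TryParse(parts[0], out int id)) return 400;
        byte[] got = Encoding.UTF8.GetBytes(parts[1]);
        byte[] want = Encoding.UTF8.GetBytes(Tag(user, id));
        // Rejects a value that was edited or that was issued to a different user.
        if (!CryptographicOperations.FixedTimeEquals(got, want)) return 400;
        // The tag only shows the server issued this value; access is still checked every time.
        if (!Access.TryGetValue(user, out var allowed) || !allowed.Contains(id)) return 403;
        return 200;
    }

    public static void Main()
    {
        string issued = Render("alice", 2);
        string tag = issued.Split('.', 2)[1];
        Console.WriteLine(Open("alice", issued));             // unmodified value
        Console.WriteLine(Open("alice", "3." + tag));         // id edited in the browser
        Console.WriteLine(Open("bob", issued));               // value copied from another user
        Console.WriteLine(Open("alice", Render("alice", 3))); // validly issued, but no access
    }
}
```

Swapping two validly issued values between rows still passes the tag check, so the per-request access check remains the control that decides what a user may open.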