We Keep Coding

How to send data in form secretly

I want send hidden data with form.
my code is:
` <form action="my address" method="post">
<div>
<label for="title">Post title:</label>
<input type="text" id="title" name="title" value="My excellent blog post" />
</div>
<div>
<label for="content">Post content:</label>
<textarea id="content" name="content" cols="60" rows="5">
This is the content of my excellent blog post. I hope you enjoy it!
</textarea>
</div>
<div>
<button type="submit">Update post</button>
</div>
<input type="hidden" name="seckey" value="34657" />
</form> `
I use hidden input, but is not safe.
I want to send "seckey" secretly in a way ,that is not available in any way and anybody not access it. Completely safe
but if I use hidden input, the "seckey" is visible in the source page or inspect element in browser.
How to post the "seckey" in the form without it even being clear in the page source

Autocomplete on TextArea not respected

This is pretty bizarre, but according to the MDN docs autocomplete has wide-spread support for TextArea element (given that the listed requirements are met):
https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/autocomplete
But it doesn't seem to work, at least not in either Chrome or FireFox.
This is an example of what doesn't work:
<html>
<body>
<form action="index.html" method="post">
<input type="first" name="input" id="a" autocomplete="on"><br> <!-- Works! -->
<textarea name="second" id="b" autocomplete="on"></textarea><br> <!-- Doesn't work!-->
<input class="submit" type="submit" value="Submit">
</form>
</body>
</html>
So this begs the question: has there been an actual regression in two major browsers, or are the MDN docs wrong? ... or am I missing something entirely different?

Turns out it currently isn't supported from what I can tell: https://www.chromestatus.com/feature/5680387573415936

CAS - Redirect to custom login page when credentials are wrong

Good morning.
I've successfully configured a CAS SSO server and client. However, I want to change CAS' configurations to use a custom login page. I followed this tutorial to make such configuration and it works like a charm. But, the problem is that when I enter invalid credentials (wrong username or password) it tries to redirect to the CAS' default login page; however, it should redirect to the custom external login page. I would really appreciate if you help me to find out how to make CAS to redirect to a different page when wrong credentials are entered.
This is my casLoginView.jsp
<%# page contentType="text/html; charset=UTF-8" %>
<html>
<head>
<script type="text/javascript">
function doAutoLogin() {
document.forms[0].submit();
}
</script>
</head>
<body onload="doAutoLogin();">
<form id="credentials" method="POST" action="https://externalsite.com/cas-server-webapp-4.0.0/login?service=<%= request.getParameter("service") %>">
<input type="hidden" name="lt" value="${loginTicket}" />
<input type="hidden" name="execution" value="${flowExecutionKey}" />
<input type="hidden" name="_eventId" value="submit" />
<input type="hidden" name="username" value="<%= request.getParameter("username") %>" />
<input type="hidden" name="password" value="<%= request.getParameter("password") %>" />
<% if ("true".equals(request.getParameter("rememberMe"))) {%>
<input type="hidden" name="rememberMe" value="true" />
<% } %>
<input type="submit" value="Submit" style="visibility: hidden;" />
</form>
</body>
And this is my external custom login page:
<form method="GET" action="https://externalsite.com/cas-server-webapp-4.0.0/">
<p>Username : <input type="text" name="username" /></p>
<p>Password : <input type="password" name="password" /></p>
<p>Remember me : <input type="checkbox" name="rememberMe" value="true" /></p>
<p><input type="submit" value="Login !" /></p>
<input type="hidden" name="auto" value="true" />
<input type="hidden" name="service" value="<%= request.getParameter("service") %>" />
</form>
Basically my external login page sends the credentials to the CAS login page and the latter is submited automatically. However, when credentials are wrong, CAS redirects to the default login page and not to my external login page.
Regards.

You need change the code at login-webflow.xml in cas-server-webapp.
The code should be changed as below:
<action-state id="handleAuthenticationFailure">
<!-- Comment FailedLoginException and AccountNotFoundException -->
<!--<transition on="FailedLoginException" to="generateLoginTicket"/>-->
<!--<transition on="AccountNotFoundException" to="generateLoginTicket"/>-->
</action-state>
Add:
<action-state id="customFailedLoginException">
<evaluate expression="generateLoginTicketAction.generate(flowRequestContext)" />
<transition on="generated" to="customFailedLoginExceptionView" />
</action-state>
<view-state id="customFailedLoginExceptionView" view="externalRedirect:#{requestParameters.service}&errorMsg=failedLogin"/>
<action-state id="customAccountNotFoundException">
<evaluate expression="generateLoginTicketAction.generate(flowRequestContext)" />
<transition on="generated" to="customAccoundNotFoundExceptionView" />
</action-state>
<view-state id="customAccoundNotFoundExceptionView" view="externalRedirect:#{requestParameters.service}&errorMsg=notFound" />
Now if you submit a user name that do not exists or a password that is wrong, your would get a response url with a parameter called 'errorMsg'.
I also make a sample about how to login cas with client custom login screen rather than server login srceen. You could download it on
https://github.com/yangminxing/cas-custom-login-page

I solved my problem by changing the transitions on the login-webflow.xml file. What I did was to create a new action state:
<action-state id="customFailedLogin">
<evaluate expression="generateLoginTicketAction.generate(flowRequestContext)" />
<transition on="generated" to="externalRedirection" />
</action-state>
and this one calls a view-state which redirects the user to my external login page
<view-state id="externalRedirection" view="externalRedirect:#{requestParameters.callingUrl}&error=true"/>
(callingUrl is a variable that I created and sent with the service url). At the end I just changed the transition in the handleAuthenticationFailure
<transition on="AccountNotFoundException" to="customFailedLogin"/>
<transition on="FailedLoginException" to="customFailedLogin"/>
Hope it helps to someone else.

SEO Url not changing upon form submission

Am using SEO URls to load my pages ie http://www.mywebsite.com/p/page1/100 but am having a problem with my search form. When I click submit, instead of the entire url changing to the stated one in the form, it just appends the variables to the url eg http://www.mywebsite.com/p/page1/100?p=search&q=Any+Query+String+here.
My question is, how do I replace the entire URL with the form variable instead?
Here is my form code:
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="get">
<input type="text" onfocus="if(this.value==this.defaultValue) this.value='';" onblur="if(this.value=='') this.value=this.defaultValue;" name="q" value="Search" />
<input type="hidden" value="search" name="p" />
<input type="submit" value="Search" class="submit" />
</form>

OK I solved it using a hack I think???
Apparently if I append a variable to the action url, this will force the browser to load the new url instead of append the form variable to the existing url.
Eg.
<form action="<?php $_SERVER['PHP_SELF'] ?>?p=search" method="get">
<input type="text" onfocus="if(this.value==this.defaultValue) this.value='';" onblur="if(this.value=='') this.value=this.defaultValue;" name="q" value="Search" />
<input type="hidden" value="search" name="p" />
<input type="submit" value="Search" class="submit" />
</form>
This worked for me but I dunno if it's the right way to achieve this or it's a hack.

J_scurity_check fails in Firefox 4

The applications works fine in Firefox3.6 ,all versions of IE. I downloaded Firefox 4 and tried to login. When I entered user name and password and click on submit button, It just clears the labels and when I hit on refresh button it submits the form. If I enter wrong userid and password it redirects to the error page.
<form method="POST" action="j_security_check">
Username: <input type="text" name="j_username"> <br/>
Password: <input type="password" name="j_password">
<input type="submit" value="Login">
</form>
There are no error messages in the logs.

I still have no clue about your problem as you do not give much details about your environment and application. Do you use any javascript or ajax in your login page for example? Do you have some mal formed tags between tags?
In my case, I am using java-ee-5, JSF 2.0 framework (My login page works in Firefox 3.6, Opera 11 and IE8 but not in Google Chrome)
Here is my working login page (tested on Firefox 3.6.17 and 4.0.1).
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:p="http://primefaces.prime.com.tr/ui"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:o="http://openfaces.org/">
<h:head>
<div align="center">
<h:outputText value="Logon"
style="text-align: center;font-weight: bolder"/>
<br />
</div>
<h:outputStylesheet name="css/style.css"/>
<link rel="icon" href="#{resource['images/diagnostic.ico']}" type="image/x-icon"/>
<link rel="shortcut icon" href="#{resource['images/diagnostic.ico']}" type="image/x-icon"/>
</h:head>
<h:body style="font-weight: lighter;background: url(#{resource['images/master-bg.jpg']});background-repeat: repeat;">
<h:form id="logonform" onsubmit="document.logonform.action = 'j_security_check';">
<p:panel header="#{bundle.Login}" style="font-weight: lighter">
<h:panelGrid columns="2">
<h:outputLabel for="j_username" value="#{bundle.Username}" style="font-weight: bold;"/>
<input id="usernameid" type="text" name="j_username" />
<h:outputLabel for="j_password" value="#{bundle.Password}" style="font-weight: bold;"/>
<input type="password" name="j_password" />
<h:outputText value="" />
<h:panelGrid columns="2">
<p:commandButton value="Connexion" type="submit" ajax="false"/>
<p:button outcome="Logon" value="Cancel" />
</h:panelGrid>
</h:panelGrid>
</p:panel>
</h:form>
</h:body>
</html>
I used the same plain html form as you and it is working for me too in Firefox 4.0.1 and even better than 3.6.17.

I am also seeking an answer to this problem. I am developing a JavaEE6/JSF2 web application that runs inside Glassfish (first 3.0.1 and now 3.1).
The FORM based login was working fine on Firefox3.x versions, and still works fine on Safari5.0.5, but "fails silently" on both Firefox4.0.1 and on Google Chrome 12.0.742.91. (I am on Mac OS X and have not checked IE.)
It is very difficult to provide diagnostics since there are none.
Q: Are there any other logs or possible source of diagnostics I can switch on for Firefox and/or Google Chrome that might throw light in the subject ?
Here is my form:
<form id="loginForm" method="POST" action="j_security_check">
<h:panelGrid columns="3" styleClass="login" columnClasses="login-label, login-field">
<h:outputLabel for="j_username">Username:</h:outputLabel>
<h:inputText id="j_username" required="true" />
<h:message for="j_username" />
<h:outputLabel for="j_password">Password:</h:outputLabel>
<h:inputSecret id="j_password" required="true" />
<h:message for="j_password" />
<h:outputLabel for="login_button"></h:outputLabel>
<h:commandButton id="login_button" value="Login" />
</h:panelGrid>
This is similar to examples shown elsewhere that are claimed to be compatible with Firefox 4, such as from here (to respect copyright conditions not copied here, please examine external link then return):
enter link description here
That login form is claimed to be compatible with Mozilla Firefox 4, Internet Explorer 8, Chrome 11. Safari 5, Opera 11. But I can't see that it is very different from my own.