发表新帖
发表新帖

Is the use of hidden fields in forms insecure?

后端 未结
关注
4 1383
半阙折子戏
半阙折子戏 2021-01-12 15:19

For example
Imagine I have the following form

  <%= form_for(@comment) do |f| %>

    <%= f.hidden_field :user_id%>
    <%= f.hidden_field
4条回答
  • 粉色の甜心
    粉色の甜心 (楼主)
    2021-01-12 15:23

    If the value of those fields is critical, then don't trust the user to return them unchanged. Otherwise, a hidden field is no less or no more secure than a regular visible field - if it's in the HTML, someone can change it.

    0 讨论(0)
 看不清?
提交回复
热议问题