So was going through some legacy code to fix some security issues. One of them was there were links that were passing the data on url request. e.g NewFile.aspx?uid=1234

Rather than storing data in a session sometimes developers use shortcuts to do this, could be due to the pressure or time limit we have in shipping a product.

Aside from that lets see how we can fix this issue, what we want to accomplish is to post some data without calling server code and we can achieve that by some tricks in javascript.

Lets say you have a link that will say <a onclick=”javascript:NewFile()”>New File</a>
(Note I know this is not good again its legacy code)

Now we want to make a post request to the window and pass in the data.
Here is how we do it, I created a blank html page first and used this javascript.

By doing so we can pass in the data to the NewFile.aspx page with a post request now, also note if you are using Request.QueryString[‘uid’] in the NewFile.aspx page you will need to change it to Request[‘uid’]

Hope this helps πŸ™‚