Taking control of the browser
Client-side code is executed by the browser. This means that, in many respects, it should be considered to be a polite request only! A technical user can easily undo the setting of a mandatory field that was achieved through a UI Policy or by GlideForm
, as we'll see in this example:
- Open the
Check-in
form in a new window. Do this by typingx_hotel_check_in.FORM
in the application navigator filter text and pressing enter.
Â
Note
You must do this in a new window to escape the frames that interfere with the script.
Â
- Populate the fields as you wish, but ensure you set the
Date
field to a value in the past. This means theComments
field will be shown and made mandatory.
Because of the UI Policy created earlier in the chapter, if you try to submit the form without a comment, the platform will notice and present an alert box. It won't let you send the data to the instance without filling in the comments.
Now, pretend to be a malicious user. In the address bar of your browser...