-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Karthik,

On 5/13/2010 3:45 AM, Karthik Nanjangude wrote:
> Question  :     My web application uses "href" & "css based image's"
> for  transferring the request from 1 page to another The problem is
> UserVisitor is  clicking the image based href  MULTIPLE TIMES (
> multiple clicks )

Ok.

> <a href="image.jsp?mult=1" id='submitButton1'
>    onClick="this.onclick=function(){return false}" target="_self"
>    class="buttonRedSmall"><span>Submit Form</span></a></td>

That's a nasty construct: when the user clicks the link, you change the
onClick handler? How about this:

<a href="image.jsp?mult=1" id='submitButton1'
   onclick="return false;"
   class="buttonRedSmall"><span>Submit Form</span></a>

BTW, the default target is "_self", so there's no need to specify that.

Unless there is more Javascript that you haven't posted, the above does
not submit a form.

> And causes the multiple form submits.  How to prevent the same ?

Do you mean that it loads the URL twice?

> I googled / yahooed for Cross browser based  tricks to disable the
> multiple request...Not luck so far ...
> 
> Can some body help me if Tomcat has any special features to prevent
> this attack ....... :(

Please post some HTML code which shows a form submission and maybe we
can help. Note that this isn't exactly an "attack".

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvxogEACgkQ9CaO5/Lv0PAz4QCbBtTKYrr0tUk2dDckWbQ3L6yD
NtAAn034OtDLMa9IF+NO7VOVgfpS/eKg
=yKxU
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to