What are the security implications of using GET method in Ajax and what methods I should adopt to counter threats in the following example?
In a very simple implement, I've a Ajax-codeigniter code like following... There are no form submissions and database connections.. I just want to get output of a php function (targetfucntion in the code) to webpage (at targetDiv Div in HTML) Anybody can see that webpage, no login needed...
I have read GET is bit insecure as opposed to POST. I tried to use POST method, but it had some issues. So couldn't go with that. So I'm using GET method. Should I take any precautions like input sanitation etc.. Please help me with this! Thank you!
Controller
class Thecontroller extends CI_Controller
{
function __construct()
{
parent::__construct();
$this->load->helper('url');
}
function idea_generator() {
$this->load->view('myviewfile');
}
function targetfunction() {
echo somefunction();
}
}
?>
View File - "myviewfile"
<html>
<head>
<title>Title</title>
<script language="javascript">
var XMLHttpRequestObject = false;
if(window.XMLHttpRequest) {
XMLHttpRequestObject = new XMLHttpRequest();
} else if (window.ActiveXObject) {
XMLHttpRequestObject = new ActiveXObject("Microsoft.XMLHTTP");
}
function getData(dataSource,divID)
{
if(XMLHttpRequestObject) {
var obj = document.getElementById(divID);
XMLHttpRequestObject.open("GET",dataSource);
XMLHttpRequestObject.onreadystatechange = function()
{
if(XMLHttpRequestObject.readyState == 4 && XMLHttpRequestObject.status == 200)
{
obj.innerHTML = XMLHttpRequestObject.responseText;
}
}
XMLHttpRequestObject.send(null);
}
}
</script>
</head>
<body>
<h1>My Cool App</h1>
<input type="button" value ="Submit!!" onclick="getData('targetfunction','targetDiv')">
<div id="targetDiv">
<p>The fetched message will appear here </p>
</div>
</body>
</html>
