Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>URLs up to ~2000 characters

Exactly, this approach doesn't scale well without trickery involved. You have to have some sort of weird encoding in place to compact it down.



Yup, ASP's "__VIEWSTATE" hidden form parameter comes to mind. It was base64-encoded and POSTed because it could get loooong (hundreds of KB).

Terrible for browser navigation/refresh though, because pretty much everything was a form POST. Thus no URL state sharing, either.


Also a terrible idea to execute code from the client, even if it's supposedly signed.

https://darkatlas.io/blog/critical-sharepoint-vulnerability-...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: