Virtual Karma

Saturday, March 04, 2006

Enter your email at Tomatogram and we will send you big deals on software each week!

Stealth Submit Using AJAX

Have you ever started filling a web form and halfway into it decide against submitting because suddenly you no longer trust the website enough? You closed the browser window and that was the end of story, right? Wrong! The website might still have your information. You think it’s impossible? This article will show you how it can be done. I call the technique Stealth Submit.

Unless you have been living under a rock there is no way that you wouldn’t have heard about AJAX. Stealth Submit uses AJAX to save the values entered on the web form to a database.

To implement Stealth Submit the following example uses two files:

majax.aspx: This file implements the web form. It consists of plain HTML and Javascript (and hence the AJAX functions).

majaxSaveToDB.aspx: This file is the server side script which implements the database operations. Values to be saved are passed as a part of the query string. After saving the values to a database the status is posted back.

Click here to view a complete working example.

To view the complete implementation, do a “view source” for the above page in your browser.

Stealth Submit can be used for constructive purposes like implementing auto save for your web applications. Some of the Web 2.0 applications already take advantage of this technique. At the same time, in wrong hands it can be used to capture information without the user’s knowledge. I hope the technique described here finds good use in our future applications.

Note: The intent of this article is to educate the readers as to how AJAX could be used to capture information without their knowledge or consent by malicious websites. It is advised that no information should be entered on a web form that you do not completely trust.

Liked this article? Please digg | reddit. Thank you!