top | item 44732063 (no title) ac130kz | 7 months ago >URLs up to ~2000 charactersExactly, this approach doesn't scale well without trickery involved. You have to have some sort of weird encoding in place to compact it down. discuss order hn newest rbinv|7 months ago Yup, ASP's "__VIEWSTATE" hidden form parameter comes to mind. It was base64-encoded and POSTed because it could get loooong (hundreds of KB).Terrible for browser navigation/refresh though, because pretty much everything was a form POST. Thus no URL state sharing, either. bux93|7 months ago Also a terrible idea to execute code from the client, even if it's supposedly signed.https://darkatlas.io/blog/critical-sharepoint-vulnerability-...
rbinv|7 months ago Yup, ASP's "__VIEWSTATE" hidden form parameter comes to mind. It was base64-encoded and POSTed because it could get loooong (hundreds of KB).Terrible for browser navigation/refresh though, because pretty much everything was a form POST. Thus no URL state sharing, either. bux93|7 months ago Also a terrible idea to execute code from the client, even if it's supposedly signed.https://darkatlas.io/blog/critical-sharepoint-vulnerability-...
bux93|7 months ago Also a terrible idea to execute code from the client, even if it's supposedly signed.https://darkatlas.io/blog/critical-sharepoint-vulnerability-...
rbinv|7 months ago
Terrible for browser navigation/refresh though, because pretty much everything was a form POST. Thus no URL state sharing, either.
bux93|7 months ago
https://darkatlas.io/blog/critical-sharepoint-vulnerability-...