diff options
Diffstat (limited to 'vnc_lite.html')
-rw-r--r-- | vnc_lite.html | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/vnc_lite.html b/vnc_lite.html index 36b062b..1f6e030 100644 --- a/vnc_lite.html +++ b/vnc_lite.html @@ -109,13 +109,20 @@ // query string. If the variable isn't defined in the URL // it returns the default value instead. function readQueryVariable(name, defaultValue) { - // A URL with a query parameter can look like this: + // A URL with a query parameter can look like this (But will most probably get logged on the http server): // https://www.example.com?myqueryparam=myvalue // + // For privacy (Using a hastag #, the parameters will not be sent to the server) + // the url can be requested in the following way: + // https://www.example.com#myqueryparam=myvalue&password=secreatvalue + // + // Even Mixing public and non public parameters will work: + // https://www.example.com?nonsecretparam=example.com#password=secreatvalue + // // Note that we use location.href instead of location.search // because Firefox < 53 has a bug w.r.t location.search const re = new RegExp('.*[?&]' + name + '=([^&#]*)'), - match = document.location.href.match(re); + match = ''.concat(document.location.href, " ", window.location.hash).match(re); if (match) { // We have to decode the URL since want the cleartext value |