POST-requests and View Source


Issue: When a page processed a POST-request, and you View Page Source, the page-source is loaded without POST-requests. In Chrome, the page is loaded with the request executed, but the request is not submitted again. This means that you can inspect the page after it processed the POST-request. I assume when you View Page Source in Chrome, the page is not reloaded at all, but the current HTML is passed to view-source:[url]
This causes problems when you need to inspect the website’s code including the POST request (when looking for XSS vulnerabilities for example).

Steps to reproduce: Create an HTML form that outputs the POST-request into the same page. Submit the form and inspect the source-code. The POST-request result is not outputted because the page is reloaded and “fresh”.

Requested solution: make sure that View Source takes the exact HTML of the page, including the processed requests and before Javascript or other DOM-manipulating plugins are executed, but without resubmitting the POST-request.


Does this also happen when using the Inspect Element tool?


The Inspect Element tool always shows the current state and is what I use as a workaround right now. Another way is the Network Panel of the developer tools and inspect the request itself. But it would be very useful to be able to use the Page Source option as well