Error Handling in SuiteScript HTTP Requests

SuiteScript handles HTTP requests through the N/http module; scripts must validate request parameters to prevent XSS attacks.

The N/http module in SuiteScript handles HTTP requests effectively, but developers must pay attention to error handling and input validation. This ensures robust applications that are secure against XSS (Cross-Site Scripting) attacks. Key considerations include the proper use of request parameters and understanding how errors manifest during script execution.

Understanding Parameters

Parameters in the N/http module are handled as name:value pairs. Depending on the type of HTTP request, parameters are transmitted differently:

  • GET requests: Parameters are included in the URL.
  • POST requests: Parameters are sent within the request body.

Important Notes

  • Parameters should not be arrays. Instead, utilize JSON.stringify and JSON.parse to handle array-type data appropriately.
  • Ensure that all parameters are validated before processing to protect against potential XSS injections. Avoid using <script> tags in parameters to bolster security.

Common Error Codes and Their Meanings

When working with the HTTP request properties, you may encounter specific error codes:

| Error Code | Thrown If |
| --- | --- |
| READ_ONLY_PROPERTY | Attempted to edit a read-only property. |

Syntax Example

Here’s an example showing how to handle parameters in both GET and POST requests:

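```javascript
/**
 * @NApiVersion 2.x
 * @NScriptType Suitelet
 */
// Example from a Suitelet
define([], function () {
    function onRequest(context) {
        // Parameter values come from the client and are untrusted until validated
        var params = context.request.parameters;
        var myName, myPhone;

        // Check the request method
        if (context.request.method === 'GET') {
            // GET: parameters are read from the URL
            myName = params.custpage_nameParam;
            myPhone = params.custpage_phoneParam;
        } else if (context.request.method === 'POST') {
            // POST: parameters are read from the request body
            myName = params.nameFld;
            myPhone = params.phoneFld;
        }
    }

    return { onRequest: onRequest };
});
```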

This sample demonstrates capturing parameters based on the request type, ensuring that both GET and POST methods are considered in your Suitelet implementations. For more comprehensive examples, refer to the N/http module script samples.
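The sample above reads the parameters but does not validate them. The following added example (not from Oracle's documentation) shows one way to apply the validation, JSON array handling, and output encoding described on this page. The field name `tagsFld`, the allowlist patterns, and all helper names are assumptions, and the functions take a plain object shaped like `context.request` so they can run outside NetSuite.

```javascript
// Added example. Assumed allowlists; tighten them to your own data model.
var NAME_RE = /^[A-Za-z][A-Za-z .'-]{0,63}$/;
var PHONE_RE = /^\+?[0-9][0-9 ()-]{5,19}$/;

// Encode a value for an HTML text context. Needed even after validation,
// because legitimate input (O'Brien) still contains HTML-significant characters.
function escapeHtml(value) {
    var map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
    return String(value).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}

// Arrays travel as a JSON string; parse defensively and check shape and size.
function parseStringArray(raw, maxItems) {
    var parsed;
    try { parsed = JSON.parse(raw); } catch (e) { return null; }
    if (!Array.isArray(parsed) || parsed.length > maxItems) { return null; }
    for (var i = 0; i < parsed.length; i++) {
        if (typeof parsed[i] !== 'string' || parsed[i].length > 40) { return null; }
    }
    return parsed;
}

// request: object shaped like context.request ({ method, parameters }).
function readContact(request) {
    var p = request.parameters || {};
    var isGet = request.method === 'GET';
    if (!isGet && request.method !== 'POST') { return { ok: false, error: 'method' }; }
    var name = isGet ? p.custpage_nameParam : p.nameFld;
    var phone = isGet ? p.custpage_phoneParam : p.phoneFld;
    if (typeof name !== 'string' || !NAME_RE.test(name)) { return { ok: false, error: 'name' }; }
    if (typeof phone !== 'string' || !PHONE_RE.test(phone)) { return { ok: false, error: 'phone' }; }
    // tagsFld (hypothetical field) is optional; when present it must be a JSON array of strings
    var tags = p.tagsFld === undefined ? [] : parseStringArray(p.tagsFld, 10);
    if (tags === null) { return { ok: false, error: 'tags' }; }
    return { ok: true, name: name, phone: phone, tags: tags };
}

// Build response markup only from validated, encoded values.
function renderGreeting(contact) {
    return '<p>Hello, ' + escapeHtml(contact.name) +
        ' (' + escapeHtml(contact.tags.join(', ')) + ')</p>';
}
```

In a Suitelet, call `readContact(context.request)` inside `onRequest` and write a response only when `ok` is true.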

Key Takeaways

  • Always validate parameters to prevent XSS vulnerabilities.
  • Understand the distinction between GET and POST transmissions when working with parameters.
  • Use JSON methods for handling arrays instead of trying to transmit them directly.

Source: This article is based on Oracle's official NetSuite documentation.

Frequently Asked Questions (4)

How should parameters be handled in SuiteScript to prevent XSS attacks?
Parameters should be validated before processing to prevent XSS vulnerabilities, avoiding the use of `<script>` tags. Use JSON methods like `JSON.stringify` and `JSON.parse` for handling array-type data appropriately.

Are arrays allowed as parameters in SuiteScript's N/http module?
No, arrays should not be used as parameters directly. Instead, utilize `JSON.stringify` and `JSON.parse` to handle array-type data.

What is the significance of the READ_ONLY_PROPERTY error code in SuiteScript HTTP requests?
The `READ_ONLY_PROPERTY` error code occurs when there's an attempt to edit a read-only property in HTTP request handling. This indicates that certain properties cannot be modified directly.

How are parameters transmitted in GET vs POST requests in the SuiteScript N/http module?
In GET requests, parameters are included within the URL, whereas in POST requests, the parameters are sent within the request body.

Source: Errors Oracle NetSuite Help Center. This article was generated from official Oracle documentation and enriched with additional context and best practices.
