HTTP Request Parameters in SuiteScript for NetSuite
Understand how to handle HTTP request parameters in SuiteScript for effective web communication. TL;DR Opening TL;DR Opening
TL;DR Opening
This article provides a detailed overview of how to handle HTTP request parameters in SuiteScript, emphasizing the importance of validation to avoid security risks like cross-site scripting (XSS) injections.
What Are HTTP Request Parameters?
HTTP request parameters are key-value pairs that facilitate the exchange of information between a client and a server in NetSuite's scripting environment. These parameters vary based on the type of HTTP request:
- GET Request: Parameters are included in the URL as part of the query string.
- POST Request: Parameters are sent in the body of the request.
Important Considerations
When working with HTTP request parameters, adhere to the following best practices:
- Input Validation: Always validate parameters to prevent security vulnerabilities such as XSS injections. Avoid including
<script>tags in your parameters. - Data Structure: Note that parameters cannot be arrays. Instead, utilize
JSON.stringifyandJSON.parsefor array handling.
Property Description
The parameters are treated as an object of name-value pairs:
| Field Name | Type | Description |
|---|---|---|
| parameters | Object (read-only) | Contains server request parameters. |
Error Handling
When trying to modify this property, the following error may be encountered:
- Error Code:
READ_ONLY_PROPERTY- Thrown If: An attempt is made to modify the read-only property.
Sample Code
Here’s a basic example demonstrating how to access parameters within a Suitelet's onRequest method:
1// Add additional code 2...3// example from a Suitelet4 5onRequest: function(context) {6 // The context.request is an http.ServerRequest7 if (context.request.method === 'GET') { 8 var myName = context.request.parameters.custpage_nameParam; 9 var myPhone = context.request.parameters.custpage_phoneParam; 10 }11 if (context.request.method === 'POST'){ 12 var myName = context.request.parameters.nameFld; 13 var myPhone = context.request.parameters.phoneFld;14 }15}16...17// Add additional codeRelated Topics
- N/http Module: Understanding the module helps in making HTTP calls from server or client scripts in NetSuite.
- ServerRequest Object: This object provides detailed information on HTTP requests.
Who This Affects
Roles impacted include:
- Developers who write SuiteScript for custom applications.
- Administrators overseeing script security and performance.
Key Takeaways
- Validate all parameters to prevent XSS vulnerabilities.
- Use JSON methods to manipulate arrays in parameters.
- Understand the read-only nature of the
parametersproperty. - Be aware of how parameters differ in GET and POST requests.
Frequently Asked Questions (4)
How should I handle arrays in HTTP request parameters in SuiteScript?
What error might I encounter when trying to modify request parameters in SuiteScript?
Does the handling of parameters differ between GET and POST requests in SuiteScript?
What security measure should be taken when handling HTTP request parameters in SuiteScript?
Was this article helpful?
More in SuiteScript
- SuiteScript 2.1 Enhancements in NetSuite February Updates
SuiteScript 2.1 now supports async features and PATCH method. Discover the latest API and SuiteProcurement improvements.
- Scheduling Map/Reduce Script Deployments in NetSuite
Learn to schedule map/reduce script submissions, including one-time and recurring options in NetSuite.
- Binary File Support in N/https Module for SuiteScript
SuiteScript enhances capabilities with binary file support in the N/https module, allowing improved data handling in external communications.
- API Governance Units Calculation in NetSuite 2026.1
NetSuite 2026.1 introduces examples illustrating API governance unit calculations for both user event and scheduled scripts.
