Re: Completely OT

Discussion in 'Python' started by inhahe, Nov 30, 2009.

  1. inhahe

    inhahe Guest

    On Mon, Nov 30, 2009 at 12:58 PM, inhahe <> wrote:
    > On Mon, Nov 30, 2009 at 12:49 PM, Victor Subervi
    > <> wrote:
    >>
    >>
    >> If I'm not mistaken, that won't help me actually print to screen the user's
    >> choices as he selects them, which in my application, is important. Please
    >> advise.
    >> TIA,
    >> V

    >
    >
    > sure, that's where this part comes in:
    >
    > the javascript would populate the list for the colors the user selects
    > (the easiest way would probably be to give the list an id and use
    > getElementById())
    >
    > so basically you'd define, e.g., an onClick="blah('red'); return true"
    > within the red element's tag, and then define a function blah(x) that
    > says
    > document.getElementById("my_list_id").innerHTML += "<br>" + x;
    > and of course give your list textarea an id="my_list_id" attribute in the tag.
    >
    > that could be slightly wrong, my javascript's rusty
    >


    also don't forget to sanitize the data you receive before committing
    it to the database, or someone can hack the javascript and send an SQL
    injection attack
    inhahe, Nov 30, 2009
    #1

  2. inhahe

    Lie Ryan Guest

    On 12/1/2009 5:00 AM, inhahe wrote:
    > On Mon, Nov 30, 2009 at 12:58 PM, inhahe<> wrote:
    >> On Mon, Nov 30, 2009 at 12:49 PM, Victor Subervi
    >> <> wrote:
    >>>
    >>>
    >>> If I'm not mistaken, that won't help me actually print to screen the user's
    >>> choices as he selects them, which in my application, is important. Please
    >>> advise.


    That's where Javascript kicks in. You only need to use the javascript to
    modify your document (visual effect); you won't need it to submit to the
    server (the real action).

    >
    > also don't forget to sanitize the data you receive before committing
    > it to the database, or someone can hack the javascript and send an SQL
    > injection attack


    Or a XSS attack (Cross-site scripting). Basically, you want to check
    whether the string received by the server matches your own predefined
    list of colors before storing to the database.
    Lie Ryan, Nov 30, 2009
    #2
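
Added example, not part of the thread: a sketch of the server-side check described in the post above, where each submitted value is matched against a predefined list of colors and then written with bound parameters. The color list, the `choices` table, the function names and the use of `sqlite3` are assumptions made for illustration; the thread does not name the application's database or schema.

```python
import sqlite3

# Assumed allowlist; the thread does not give the application's actual colors.
ALLOWED_COLORS = frozenset({"red", "green", "blue", "yellow", "black", "white"})


class InvalidSelection(ValueError):
    """Raised when a submitted value is not in the server-side allowlist."""


def parse_selection(raw):
    """Split the submitted textarea contents into color names and validate them.

    The page only ever offers allowlisted names, so one unknown value means
    the request was altered outside the page and the whole submission fails.
    """
    names = [p.strip().lower() for p in raw.replace("<br>", "\n").splitlines()]
    names = [n for n in names if n]
    bad = [n for n in names if n not in ALLOWED_COLORS]
    if bad:
        raise InvalidSelection("unexpected value(s): %r" % bad)
    return names


def store_selection(conn, user_id, raw):
    """Validate first, then insert with bound parameters, never string formatting."""
    colors = parse_selection(raw)
    conn.executemany(
        "INSERT INTO choices (user_id, color) VALUES (?, ?)",
        [(user_id, c) for c in colors],
    )
    conn.commit()
    return colors


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE choices (user_id INTEGER, color TEXT)")
    store_selection(conn, 1, "red\nblue")  # constructed valid submission
    # Constructed tampered submissions: both are rejected before reaching the DB.
    for tampered in ("red'); DROP TABLE choices;--", "<script>alert(1)</script>"):
        try:
            store_selection(conn, 1, tampered)
        except InvalidSelection:
            pass
    return conn.execute("SELECT color FROM choices ORDER BY rowid").fetchall()
```

Because only allowlisted strings are ever stored, the same check also keeps markup out of any page that later displays the saved choices.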

  3. inhahe

    inhahe Guest

    On Mon, Nov 30, 2009 at 2:17 PM, Lie Ryan <> wrote:
    > On 12/1/2009 5:00 AM, inhahe wrote:
    >>
    >> On Mon, Nov 30, 2009 at 12:58 PM, inhahe<>  wrote:
    >>>
    >>> On Mon, Nov 30, 2009 at 12:49 PM, Victor Subervi
    >>> <>  wrote:
    >>>>
    >>>>
    >>>> If I'm not mistaken, that won't help me actually print to screen the
    >>>> user's
    >>>> choices as he selects them, which in my application, is important.
    >>>> Please
    >>>> advise.

    >
    > That's where Javascript kicks in. You only need to use the javascript to
    > modify your document (visual effect); you won't need it to submit to the
    > server (the real action).
    >


    Oh yes, good point - even though (if he were still going to go the
    JavaScript route) he'd modify the textarea using javascript, a regular
    submit button could be used because it'll submit the current contents
    of that textarea all the same.

    >>
    >> also don't forget to sanitize the data you receive before committing
    >> it to the database, or someone can hack the javascript and send an SQL
    >> injection attack

    >
    > Or a XSS attack (Cross-site scripting). Basically, you want to check whether
    > the string received by the server matches your own predefined list of colors
    > before storing to the database.
    > --
    > http://mail.python.org/mailman/listinfo/python-list
    >
    inhahe, Nov 30, 2009
    #3
