On Tuesday 02 Feb 2010 14:12:01 Erez Schatz wrote:
> On 2 February 2010 09:19, venu madhav <venutaurus...@gmail.com> wrote:
> > I've a situation where I create a hash variable in PERL and
> > use it in Java script which is embedded in the CGI. The key for that
> > hash is taken from JavaScript. For ex:
> >
> > ----- CGI code----
> > my %hash = (3 => 300);
> > ------JScript code---
> > var var1 = 3;
> > var variable = $hash{var1};
> > ------------------------
>
> At the creation of the CGI document, you can embed elements from the
> Perl code in the site. In essence, what you may want to do is
> print '<script type="text/javascript">';
> print "var variable=$hash{3};";
Ahmm... no. What if someone does this:
<<<
my %hash = (3 => <<"EOF");
</script>
<script type="text/javascript">
<!--- Insert nasty JS here --->
</script>
<img src="spammer stuff."...
>>>
This is called a cross-site scripting attack (
http://en.wikipedia.org/wiki/Cross-site_scripting ) and is very serious.
Please use a good JSON module to pass and encode data to JavaScript.
Regards,
Shlomi Fish
>
> which would interpolate into whatever value is there at the hash.
> However, if the "var1" variable is changing at the client, you will
> need to send the value back to the server if you want to get an answer
> from the Perl hash.
>
> In order for us to supply you with a better, more correct, answer, I
> recommend you send us more information regarding both the nature of
> your question, as well as the actual code that revolves around these
> lines. (i.e. more context).
--
-----------------------------------------------------------------
Shlomi Fish http://www.shlomifish.org/
"Humanity" - Parody of Modern Life - http://shlom.in/humanity
Deletionists delete Wikipedia articles that they consider lame.
Chuck Norris deletes deletionists whom he considers lame.
Please reply to list if it's a mailing list post - http://shlom.in/reply .
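Added example, not from any of the posters: the JSON approach Shlomi recommends, written in Perl with the core JSON::PP module, fed the same kind of `</script>` payload his message shows. It also hands the whole hash to the page so the client can index it by its own `var1`, which is what the original question was after; the hash contents and the `js_literal` helper are constructed for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use JSON::PP;   # core module since Perl 5.14

# Constructed sample value: the kind of string Shlomi's message warns about.
my %hash = (
    3 => '</script><script>alert("nasty")</script><img src="spammer stuff">',
);

# Encoder for data that will live inside a <script> element.
# ->ascii: every non-ASCII character (including U+2028/U+2029, which end a JS
#          line inside a string literal) is emitted as \uXXXX
# ->escape_slash: "/" becomes "\/", so "</script>" can no longer close the tag
my $json = JSON::PP->new->ascii->escape_slash;

# Turn a Perl data structure into a JS literal that the HTML parser cannot
# misread as markup. The extra \u escapes are decoded by JavaScript back to
# the original characters, so the data is unchanged on the client side.
sub js_literal {
    my ($data) = @_;
    my $out = $json->encode($data);
    $out =~ s/</\\u003c/g;
    $out =~ s/>/\\u003e/g;
    $out =~ s/&/\\u0026/g;
    return $out;
}

print "Content-Type: text/html\n\n";
print '<script type="text/javascript">', "\n";
print 'var hash = ', js_literal(\%hash), ";\n";   # whole hash as a JS object
print "var var1 = 3;\n";
print "var variable = hash[var1];\n";             # looked up on the client
print "</script>\n";
```

The emitted line is `var hash = {"3":"\u003c\/script\u003e\u003cscript\u003ealert(\"nasty\")..."};`, which the browser treats as an ordinary string constant; interpolating the raw value, as in the quoted `print "var variable=$hash{3};"`, would have closed the script block instead.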
--
To unsubscribe, e-mail: beginners-unsubscr...@perl.org
For additional commands, e-mail: beginners-h...@perl.org
http://learn.perl.org/