Re: [Catalyst] how to confirm before deleting
On Thu, Jan 22, 2009 at 5:35 PM, Trevor Phillips wrote:

> On Thu, Jan 22, 2009 at 3:12 PM, Toby Corkindale wrote:
> >
> > But what happens when your site gets spidered by a search engine, that
> > follows all links?
> >
> > Whoops.
> >
> > There's a good reason state-modification-actions should be POST (or rather,
> > non-GET, if you want to go with PUT, DELETE, etc)
>
> Surely such an action would be behind some form of authentication,
> ergo blocking any random web crawler? An app that allowed you to
> delete records with no security checks has bigger issues. ^_^

Except, what if the crawler is inside the user's browser? Google's Web Accelerator supposedly caused a lot of grief in 2005 when it started pre-fetching non-idempotent GET requests for unsuspecting users..

Patrick Donelan
http://patspam.com

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] how to confirm before deleting
From: "Richard Siddall"

> Kieren Diment wrote:
>> Yeah, 98% of your browsers have javascript enabled and a big chunk of
>> the remainder are bots ...
>>
>> On the other hand you might want a non-javascript undo option at the
>> other end if you go that route.
>>
>
> Duh, I should know this, but do screen readers support JavaScript?

It depends on what the JS script does. If it draws a menu for example, it won't be accessible, but if it just hides/shows a div with menu elements, it would be accessible in some cases, but probably not for all the screen readers.

For just showing a confirmation window, JS is accessible for the screen readers.

The most annoying thing however is to use links that use JS code in the href attribute instead of associating it with events like onClick. This is because when the user makes a shift+click or shift+enter on a link in order to open the new page in a new window, it just displays an error because the browser can't access a URL like javascript:DoPostBack()

It is also very annoying to need to open a link like "#" or "".

I think that if the user presses shift+enter, he knows that this will open the page in a new window, so the href attribute should contain the full URL to the targeted page. Of course, if the URL should change something on the server, that page that opens directly (without JS) should contain a form that asks for a confirmation.

Octavian
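The pattern discussed in this thread, as an added example that is not part of any post and is not Catalyst code: the delete link is a plain URL whose GET only renders a confirmation form, and only the POST changes state, so a crawler or prefetcher that follows every link deletes nothing. The routes, `makeStore`, `handle` and `crawl` are hypothetical names, the records are constructed sample data, and authentication is left out.

```javascript
// Added example: framework-neutral sketch with hypothetical routes.
// Constructed sample data: three records keyed by id.
function makeStore() {
  return new Map([[1, 'alpha'], [2, 'beta'], [3, 'gamma']]);
}

// Listing page: each delete link is a real URL (no javascript: href), so it
// works without scripting and opens correctly in a new window.
function listPage(store) {
  return [...store.keys()]
    .map((id) => `<a href="/item/${id}/delete">Delete ${id}</a>`)
    .join('\n');
}

// Route one request. GET never changes the store; only POST deletes.
function handle(store, method, path) {
  if (method === 'GET' && path === '/items') {
    return { status: 200, body: listPage(store) };
  }
  const m = /^\/item\/(\d+)\/delete$/.exec(path);
  if (!m) return { status: 404, body: 'Not found' };
  const id = Number(m[1]);
  if (!store.has(id)) return { status: 404, body: 'No such item' };
  if (method === 'GET') {
    // Confirmation form only; the destructive step needs the POST below.
    return {
      status: 200,
      body: `<form method="post" action="${path}"><p>Delete item ${id}?</p>` +
            '<button type="submit">Confirm</button></form>',
    };
  }
  if (method === 'POST') {
    store.delete(id);
    // Redirect after POST so a reload does not resubmit the form.
    return { status: 303, headers: { Location: '/items' }, body: '' };
  }
  return { status: 405, headers: { Allow: 'GET, POST' }, body: '' };
}

// Simulate a spider or prefetcher: GET every link on the listing page.
function crawl(store) {
  const page = handle(store, 'GET', '/items').body;
  const links = [...page.matchAll(/href="([^"]+)"/g)];
  return links.map(([, href]) => handle(store, 'GET', href).status);
}
```

A JavaScript confirm() can still be layered on top for users who have scripting enabled; the form remains the fallback when it is not.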
Re: [Catalyst] how to confirm before deleting
Trevor Phillips wrote:
> On Thu, Jan 22, 2009 at 3:12 PM, Toby Corkindale wrote:
>> But what happens when your site gets spidered by a search engine, that
>> follows all links?
>>
>> Whoops.
>>
>> There's a good reason state-modification-actions should be POST (or rather,
>> non-GET, if you want to go with PUT, DELETE, etc)
>
> Surely such an action would be behind some form of authentication,
> ergo blocking any random web crawler? An app that allowed you to
> delete records with no security checks has bigger issues. ^_^

Yeah.. can't actually remember what the actions were, but indeed, 'twas misguided.

After posting that, I realised other people had already posted warnings about not using GET for state-change anyway.
Re: [Catalyst] how to confirm before deleting
On Thu, Jan 22, 2009 at 3:12 PM, Toby Corkindale wrote:
>
> But what happens when your site gets spidered by a search engine, that
> follows all links?
>
> Whoops.
>
> There's a good reason state-modification-actions should be POST (or rather,
> non-GET, if you want to go with PUT, DELETE, etc)

Surely such an action would be behind some form of authentication, ergo blocking any random web crawler? An app that allowed you to delete records with no security checks has bigger issues. ^_^

--
Trevor Phillips - http://dortamur.livejournal.com/
"On nights such as this, evil deeds are done. And good deeds, of course. But mostly evil, on the whole."
-- (Terry Pratchett, Wyrd Sisters)
Re: [Catalyst] how to confirm before deleting
Kieren Diment wrote:
> Yeah, 98% of your browsers have javascript enabled and a big chunk of
> the remainder are bots ...
>
> On the other hand you might want a non-javascript undo option at the
> other end if you go that route.

Oh, and watch out for a Classic Error I saw in someone's code a little while ago..

They had entered a bunch of state-modifying buttons like this:

src="/static/trashcan.gif" alt="Delete"/>

But what happens when your site gets spidered by a search engine, that follows all links?

Whoops.

There's a good reason state-modification-actions should be POST (or rather, non-GET, if you want to go with PUT, DELETE, etc)

> On 22/01/2009, at 3:06 PM, Jonathan Rockway wrote:
>> * On Wed, Jan 21 2009, Dave Howorth wrote:
>>> Paul Falbe wrote:
>>>> That works thank you very much. Don't know how many google searches I did
>>>> trying to find that out!
>>>
>>>> Rodrigo-51 wrote:
>>>>> Paul, how about a javascript confirm() box?
>>>
>>> ... and if the user has Javascript disabled?
>>
>> Please enable Javascript. It's Two Thousand Fucking Nine.
Re: [Catalyst] how to confirm before deleting
Kieren Diment wrote:
> Yeah, 98% of your browsers have javascript enabled and a big chunk of
> the remainder are bots ...
>
> On the other hand you might want a non-javascript undo option at the
> other end if you go that route.

Duh, I should know this, but do screen readers support JavaScript?

Regards,
Richard Siddall
Re: [Catalyst] how to confirm before deleting
Yeah, 98% of your browsers have javascript enabled and a big chunk of the remainder are bots ...

On the other hand you might want a non-javascript undo option at the other end if you go that route.

On 22/01/2009, at 3:06 PM, Jonathan Rockway wrote:
> * On Wed, Jan 21 2009, Dave Howorth wrote:
>> Paul Falbe wrote:
>>> That works thank you very much. Don't know how many google searches I did
>>> trying to find that out!
>>
>>> Rodrigo-51 wrote:
>>>> Paul, how about a javascript confirm() box?
>>
>> ... and if the user has Javascript disabled?
>
> Please enable Javascript. It's Two Thousand Fucking Nine.
>
> Seriously.
>
> Regards,
> Jonathan Rockway
>
> --
> print just => another => perl => hacker => if $,=$"
Re: [Catalyst] how to confirm before deleting
* On Wed, Jan 21 2009, Dave Howorth wrote:
> Paul Falbe wrote:
>> That works thank you very much. Don't know how many google searches I did
>> trying to find that out!
>
>> Rodrigo-51 wrote:
>>> Paul, how about a javascript confirm() box?
>
> ... and if the user has Javascript disabled?

Please enable Javascript. It's Two Thousand Fucking Nine.

Seriously.

Regards,
Jonathan Rockway

--
print just => another => perl => hacker => if $,=$"