Completely OT

inhahe inhahe at gmail.com
Mon Nov 30 23:15:17 CET 2009


On Mon, Nov 30, 2009 at 2:17 PM, Lie Ryan <lie.1296 at gmail.com> wrote:
> On 12/1/2009 5:00 AM, inhahe wrote:
>>
>> On Mon, Nov 30, 2009 at 12:58 PM, inhahe<inhahe at gmail.com>  wrote:
>>>
>>> On Mon, Nov 30, 2009 at 12:49 PM, Victor Subervi
>>> <victorsubervi at gmail.com>  wrote:
>>>>
>>>>
>>>> If I'm not mistaken, that won't help me actually print to screen the
>>>> user's
>>>> choices as he selects them, which in my application, is important.
>>>> Please
>>>> advise.
>
> That's where Javascript kicks in. You only need to use the javascript to
> modify your document (visual effect); you won't need it to submit to the
> server (the real action).
>

Oh yes, good point - even though (if he were still going to go the
JavaScript route) he'd modify the textarea using javascript, a regular
submit button could be used because it'll submit the current contents
of that textarea all the same.

>>
>> also don't forget to sanitize the data you receive before committing
>> it to the database, or someone can hack the javascript and send an SQL
>> injection attack
>
> Or a XSS attack (Cross-site scripting). Basically, you want to check whether
> the string received by the server matches your own predefined list of colors
> before storing to the database.
> --
> http://mail.python.org/mailman/listinfo/python-list
>



More information about the Python-list mailing list