Completely OT

inhahe inhahe at
Mon Nov 30 23:15:17 CET 2009

On Mon, Nov 30, 2009 at 2:17 PM, Lie Ryan <lie.1296 at> wrote:
> On 12/1/2009 5:00 AM, inhahe wrote:
>> On Mon, Nov 30, 2009 at 12:58 PM, inhahe<inhahe at>  wrote:
>>> On Mon, Nov 30, 2009 at 12:49 PM, Victor Subervi
>>> <victorsubervi at>  wrote:
>>>> If I'm not mistaken, that won't help me actually print to screen the
>>>> user's
>>>> choices as he selects them, which in my application, is important.
>>>> Please
>>>> advise.
> That's where Javascript kicks in. You only need to use the javascript to
> modify your document (visual effect); you won't need it to submit to the
> server (the real action).

Oh yes, good point - even though (if he were still going to go the
JavaScript route) he'd modify the textarea using javascript, a regular
submit button could be used because it'll submit the current contents
of that textarea all the same.

>> also don't forget to sanitize the data you receive before committing
>> it to the database, or someone can hack the javascript and send an SQL
>> injection attack
> Or a XSS attack (Cross-site scripting). Basically, you want to check whether
> the string received by the server matches your own predefined list of colors
> before storing to the database.
> --

More information about the Python-list mailing list