
List:       python-list
Subject:    Re: Completely OT
From:       geremy condra <debatem1 () gmail ! com>
Date:       2009-11-30 23:40:41
Message-ID: f3cc57c60911301540l554c93aajef1bc212dd45f087 () mail ! gmail ! com

On Mon, Nov 30, 2009 at 1:21 PM, Victor Subervi <victorsubervi@gmail.com> wrote:
> On Mon, Nov 30, 2009 at 2:00 PM, inhahe <inhahe@gmail.com> wrote:
>>
>> On Mon, Nov 30, 2009 at 12:58 PM, inhahe <inhahe@gmail.com> wrote:
>> > On Mon, Nov 30, 2009 at 12:49 PM, Victor Subervi
>> > <victorsubervi@gmail.com> wrote:
>> >>
>> >>
>> >> If I'm not mistaken, that won't help me actually print to screen the
>> >> user's choices as he selects them, which in my application, is important.
>> >> Please advise.
>> >> TIA,
>> >> V
>> >
>> >
>> > sure, that's where this part comes in:
>> >
>> > the javascript would populate the list for the colors the user selects
>> > (the easiest way would probably be to give the list an id and use
>> > getElementById())
>> >
>> > so basically you'd define, e.g., an onClick="blah('red'); return true"
>> > within the red element's tag, and then define a function blah(x) that says
>> > document.getElementById("my_list_id").innerHTML += "<br>" + x;
>> > and of course give your list textarea an id="my_list_id" attribute in
>> > the tag.
>> >
>> > that could be slightly wrong, my javascript's rusty
>> >
>>
>> also don't forget to sanitize the data you receive before committing
>> it to the database, or someone can hack the javascript and send an SQL
>> injection attack
>
> Good call! However, in my case I can put this all behind a firewall. It's
> only for the shop builder's use, and that's my client...whom I can track!
> But I presume this would entail doing searches for and eliminating all
> unnecessary characters, right?
> V

Don't homebrew these things, they're easy to screw up and disastrous
to get wrong. Also, if you're worried about how secure something
you've written is, you can give yourself a little peace of mind by
running over it with some of the standard script kiddie tools before
deployment. It'll at least give you the comfort of knowing that they
won't be able to autopwn you for a while.

Geremy Condra
-- 
http://mail.python.org/mailman/listinfo/python-list
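
Added example, not part of the original thread or any poster's code: one way to avoid a homebrew character filter for the colour choices discussed above is to check submitted values against a server-side allowlist and hand them to the database driver as bound parameters. The table name, the colour list and the function names are hypothetical, and sqlite3 stands in for whatever database the application actually uses.

```python
import sqlite3

# Hypothetical allowlist: the only colours the form offers (assumption).
ALLOWED_COLORS = {"red", "green", "blue"}

def validate_colors(submitted):
    """Server-side check: reject anything that is not a known colour."""
    unknown = [c for c in submitted if c not in ALLOWED_COLORS]
    if unknown:
        raise ValueError("unexpected colour value(s): %r" % (unknown,))
    return list(submitted)

def save_colors(conn, product_id, colors):
    """Insert one row per colour with bound parameters, no string building."""
    conn.executemany(
        "INSERT INTO product_colors (product_id, color) VALUES (?, ?)",
        [(product_id, c) for c in colors],
    )
    conn.commit()

def stored_colors(conn, product_id):
    rows = conn.execute(
        "SELECT color FROM product_colors WHERE product_id = ? ORDER BY rowid",
        (product_id,),
    )
    return [r[0] for r in rows]

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product_colors (product_id INTEGER, color TEXT)")
    # Constructed sample input: one valid submission, one tampered one.
    save_colors(conn, 1, validate_colors(["red", "blue"]))
    tampered = "red'); DROP TABLE product_colors; --"
    try:
        validate_colors([tampered])
        rejected = False
    except ValueError:
        rejected = True
    # Even if validation were skipped, a bound parameter is stored as text.
    save_colors(conn, 2, [tampered])
    return rejected, stored_colors(conn, 1), stored_colors(conn, 2)

if __name__ == "__main__":
    print(demo())
```

The allowlist decides what the application accepts; the bound parameters decide how the database interprets it, so neither depends on guessing which characters are dangerous.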