Re: [ANN] Reactive Server Pages

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: [ANN] Reactive Server Pages
From: "Robert G. Jakabosky" <bobby@...>
Date: Thu, 5 Aug 2010 16:21:48 -0700

> That's true. Fortunately it's not relevant:

<snip>

>
> Do what you want with _step. When the _next event is triggered, _step
> is initialized from i before being output to the user space.
>
> Chris

except for the _html variable:

http://www.lua.inf.puc-rio.br/rsp/step/next
  I am in step 2
http://www.lua.inf.puc-rio.br/rsp/step/?_html=Hello world
  Hello world
http://www.lua.inf.puc-rio.br/rsp/step/next
  Hello world

Keep calling the ../next url until it writes "Finished!" into the _html 
variable.

Also looks like someone else was able to write:
<script type="text/javascript">alert("this could have been a malicious 
script")</script>

into the _html variable and have it show up in my browser.  I have no-script 
extention blocking javascript by-default, so I didn't see the alert dialog.  
I though there was some other bug showing me an empty page, until I viewed 
the page source.

-- 
Robert G. Jakabosky

References:
- [ANN] Reactive Server Pages, Francisco Sant'anna
- Re: [ANN] Reactive Server Pages, Henk Boom
- Re: [ANN] Reactive Server Pages, Chris Babcock

Prev by Date: Re: [ANN] Reactive Server Pages
Next by Date: Re: [ANN] Reactive Server Pages
Previous by thread: Re: [ANN] Reactive Server Pages
Next by thread: Re: [ANN] Reactive Server Pages
Index(es):
- Date
- Thread