- Subject: Re: [ANN] Reactive Server Pages
- From: "Robert G. Jakabosky" <bobby@...>
- Date: Thu, 5 Aug 2010 16:21:48 -0700
> That's true. Fortunately it's not relevant:
<snip>
>
> Do what you want with _step. When the _next event is triggered, _step
> is initialized from i before being output to the user space.
>
> Chris
except for the _html variable:
http://www.lua.inf.puc-rio.br/rsp/step/next
I am in step 2
http://www.lua.inf.puc-rio.br/rsp/step/?_html=Hello world
Hello world
http://www.lua.inf.puc-rio.br/rsp/step/next
Hello world
Keep calling the ../next url until it writes "Finished!" into the _html
variable.
Also looks like someone else was able to write:
<script type="text/javascript">alert("this could have been a malicious
script")</script>
into the _html variable and have it show up in my browser. I have the NoScript
extension blocking JavaScript by default, so I didn't see the alert dialog.
I thought there was some other bug showing me an empty page, until I viewed
the page source.
--
Robert G. Jakabosky
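
Added example, not part of the original message and not RSP's own code: a small Lua model of the behaviour reported above, where a request parameter named `_html` replaces the stored page body, next to a merge that rejects reserved names and escapes user data on output. The session-state table, the function names and the rule that a leading underscore marks a reserved name are all assumptions made for illustration.

```lua
-- Constructed model of the reported behaviour; hypothetical names throughout.
-- Assumption: request parameters are merged into a per-session state table
-- and the response body is whatever ends up in state._html.

local function escape_html(s)
  local map = { ["&"] = "&amp;", ["<"] = "&lt;", [">"] = "&gt;",
                ['"'] = "&quot;", ["'"] = "&#39;" }
  return (tostring(s):gsub("[&<>\"']", map))
end

-- Weak merge: every parameter, reserved or not, lands in the session state.
local function merge_unsafe(state, params)
  for k, v in pairs(params) do state[k] = v end
end

-- Hardened merge: names starting with "_" belong to the framework, so they
-- are refused and reported back to the caller for logging.
local function merge_safe(state, params)
  local rejected = {}
  for k, v in pairs(params) do
    if type(k) == "string" and k:sub(1, 1) ~= "_" then
      state[k] = v
    else
      rejected[#rejected + 1] = tostring(k)
    end
  end
  return rejected
end

local payload = '<script>alert("x")</script>'   -- constructed sample input

-- Weak path: the stored body is replaced and stays replaced on later requests.
local weak = { _html = "I am in step 2" }
merge_unsafe(weak, { _html = payload })
assert(weak._html == payload)

-- Hardened path: the reserved name is refused, ordinary names are accepted.
local hard = { _html = "I am in step 2" }
local rejected = merge_safe(hard, { _html = payload, name = payload })
assert(hard._html == "I am in step 2")
assert(#rejected == 1 and rejected[1] == "_html")

-- User data is escaped at the point where it is written into the page body.
hard._html = "Hello " .. escape_html(hard.name)
assert(hard._html == "Hello &lt;script&gt;alert(&quot;x&quot;)&lt;/script&gt;")
print(hard._html)
```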