Hi Richard, replying to the list. Please reply to the list next time - see the last line of my signature.

On Mon, 28 Sep 2015 08:32:08 -0500 Richard Reina <gatorreina@gmail.com> wrote:
2015-09-28 3:28 GMT-05:00 Shlomi Fish <shlomif@shlomifish.org>:
Hi Richard,
some comments on your code:
On Sun, 27 Sep 2015 17:59:42 -0500 Richard Reina <gatorreina@gmail.com> wrote:
2015-09-27 11:24 GMT-05:00 Dave Cross <dave@dave.org.uk>:
On 27/09/15 16:34, Richard Reina wrote:
I think I am going to try to figure out how to use an array reference
instead. Traveling so can't try it until I get back tomorrow.
You can, of course, try whatever approach you want. But my second solution will work.
Dave...
--
Hi Dave,
This did in fact work. Here is how I ended up incorporating your solution.
<div class="well" style="max-height: 300px;overflow: auto;">
<ul class="list-group fancy-list-items">
<!-- <ul class="list-group checked-list-box"> -->
<table style="width:100%">
<% FOREACH Pat IN Pats.values.sort('SNAME') -%>
<tr class="list-group-item">
<td width="25"><% Pat.ID %>
<td width="70"><% Pat.SNAME %>
<td width="75"><% Pat.ANAME %>
<td width="35"><% Pat.SSN %>
<td width="35"><% Pat.YR %>
<td width="250"><% Pat.CHNAME %>
<td width="550"><% Pat.DESCRIP %>
1. You're missing the closing tag - "</td>".
Thanks for pointing out. Can't believe I missed that.
You're welcome. Are you validating your output? Do you have automated tests to do it for you?
2. Are you sure you're avoiding https://en.wikipedia.org/wiki/Cross-site_scripting ? Also see http://perl-begin.org/tutorials/bad-elements/#code_and_markup_injection .
I am not sure. Despite reading the recommended links I don't know enough to be sure. Why do you ask?
Because cross-site scripting (XSS) can be a serious security vulnerability. Let's suppose you put a field called "myfield" that was input from the user directly into the HTML:

<td><% myfield %></td>

Then a malicious user can put something like this in "myfield":

<script type="text/javascript">alert('XSS!')</script>

And this is just the beginning of malicious JS that can be inserted. For a cautionary measure, see:

https://metacpan.org/release/Template-Stash-AutoEscaping

Regards,

Shlomi Fish

--
-----------------------------------------------------------------
Shlomi Fish       http://www.shlomifish.org/
Optimising Code for Speed - http://shlom.in/optimise

A: I’m hungry today.
B: Well, wait until tomorrow. Maybe this feeling will pass.

Please reply to list if it's a mailing list post - http://shlom.in/reply .
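
The escaping question raised in this thread, as an added example that is not part of the original messages: the same FOREACH loop rendered once with values interpolated as-is and once through Template Toolkit's built-in `html` filter. The sample rows, the closed `<td>` tags and the `TAG_STYLE => 'asp'` setting are assumptions made so the script runs on its own.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Constructed sample rows shaped like the Pats hash in the thread.
# Row 2 carries the <script> string quoted above in its SNAME field.
my %pats = (
    1 => { ID => 1, SNAME => 'Alvarez', DESCRIP => 'Follow-up & review' },
    2 => {
        ID      => 2,
        SNAME   => q{<script type="text/javascript">alert('XSS!')</script>},
        DESCRIP => 'Value typed into a web form',
    },
);

# Values interpolated as-is, the way the thread's template does it.
my $unfiltered = <<'TT';
<% FOREACH Pat IN Pats.values.sort('SNAME') -%>
<tr><td><% Pat.ID %></td><td><% Pat.SNAME %></td><td><% Pat.DESCRIP %></td></tr>
<% END -%>
TT

# Same loop, every value passed through the built-in html filter.
my $filtered = <<'TT';
<% FOREACH Pat IN Pats.values.sort('SNAME') -%>
<tr><td><% Pat.ID | html %></td><td><% Pat.SNAME | html %></td><td><% Pat.DESCRIP | html %></td></tr>
<% END -%>
TT

# TAG_STYLE 'asp' selects the <% ... %> delimiters (assumed here so the
# script runs outside the web framework that normally configures them).
my $tt = Template->new({ TAG_STYLE => 'asp' }) or die Template->error;

sub render {
    my ($template) = @_;
    my $out = '';
    $tt->process(\$template, { Pats => \%pats }, \$out) or die $tt->error;
    return $out;
}

for my $case ([ unfiltered => $unfiltered ], [ filtered => $filtered ]) {
    my ($name, $template) = @$case;
    my $html = render($template);
    # A literal "<script" in the output means user data became markup.
    my $verdict = $html =~ /<script/i ? 'markup injected' : 'data stayed text';
    print "== $name: $verdict ==\n$html\n";
}
```

The same `/<script/i` check on rendered output can serve as a starting point for the automated output tests asked about earlier in the thread.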