php - Proper syntax when using a javascript variable in an HTML link -


i trying combine simple html (php) link , include js variable. have syntax incorrect. suggestions?

$.each(playlist, function(index, val) {     playlisthtml += "<form name="form" method="post" action="../_inc/process_track_move.php?track="+val.sources[0].title" });

you should not assembling raw html manually in javascript; it's easy wrong. in case, if code worked, vulnerable encoding errors , xss security issues because doesn't encode attribute value.

the safer choice use dom api, framework, or default-safe templating engine create elements need, automatically care care of encoding attribute values.

here's how use dom api instead of raw html case.

var playlist = document.createelement('div');  // or document.queryselector('#playlist')?  $.each(playlist, function(index, val) {     var form = document.createelement('form');     form.setattribute('name', 'form');     form.setattribute('method', 'post');     form.setattribute('action', '../_inc/process_track_move.php?track=' + val.sources[0].title);     playlist.appendchild(form); });  playlisthtml += playlist.innerhtml;

you can add created elements directly document, or convert them html string using.

if must use raw html concatenation, can't + text string on html, must encode html first avoid security vulnerabilities or errors. @ minimum, means using function this:

function texttohtml(s) {   return s       .replace(/&/g, '&amp;')       .replace(/</g, '&lt;')       .replace(/>/g, '&gt;')       .replace(/"/g, '&quot;')       .replace(/'/g, '&#39;'); }

you must escape "s inside string \" them parse correctly. gives us:

playlisthtml += "<form name=\"form\" method=\"post\" action=\"../_inc/process_track_move.php?track=" + texttohtml(val.sources[0].title) + "\"></form>";

-

Comments

Post a Comment

Popular posts from this blog

python - How to insert QWidgets in the middle of a Layout? -

Image
i'm using qt framework build graphical user interface. use qgridlayout position qwidgets neatly. gui looks this: my application regularly adds new widgets gui @ runtime. these new widgets not added @ end of qlayout, somewhere in middle. the procedure bit cumbersome. applied on figure above, need take out widg_c , widg_d , ... qgridlayout. next, add widg_x and widg_y , , put other widgets again. how remove widgets qgridlayout: for in reversed(range(mygridlayout.count())): self.itemat(i).widget().setparent(none) ### as long you're dealing small amount of widgets, procedure not disaster. in application display lot of small widgets - perhaps 50 or more! application freezes second while procedure ongoing, annoying user. there way insert widgets somewhere in qlayout, without need take out other widgets? edit: apparently solution qvboxlayout simple. use function insertwidget(..) instead of addwidget(..) . docs can found link: http://doc.qt.io/qt-5/qboxlayou
Read more

python - serve multiple gunicorn django instances under nginx ubuntu -

i need serve 2 webs apps (django) on gunicorn under different domain names using nginx on ubuntu. started using tutorial: https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04 it worked fine 1 using that. tried same thing second gives me 502 gateway second domain. tried following tutorial: http://michal.karzynski.pl/blog/2013/10/29/serving-multiple-django-applications-with-nginx-gunicorn-supervisor/ i'm @ part run gunicorn start script: sudo bin/gunicorn_start i response: starting webuildblack root traceback (most recent call last): file "/home/devin/webuildblack/bin/gunicorn", line 7, in <module> gunicorn.app.wsgiapp import run importerror: no module named 'gunicorn.app'; 'gunicorn' not package you have named program gunicorn.py gunicorn -package. rename file , remove gunicorn.pyc file.
Read more

module - Prestashop displayPaymentReturn hook url -

i new prestashop developer , trying create paymentmodule. have got show payment method can not proceed purchase because not know hot works. does know should redirect run hooddisplaypaymentreturn method? i happy if explain me complete navigation map make purchase. anyway, can find relation between hooks , pages? when have new module payment rely on simplest provided prestashop: bankwire. inside can find 3 hooks. hookpayment: public function hookpayment($params) { if (!$this->active) return; if (!$this->checkcurrency($params['cart'])) return; $this->smarty->assign(array( 'this_path' => $this->_path, 'this_path_bw' => $this->_path, 'this_path_ssl' => tools::getshopdomainssl(true, true).__ps_base_uri__.'modules/'.$this->name.'/' )); return $this->display(__file__, 'payment.tpl'); } hookdisplaypaymenteu: public fun
Read more