cocoon-dev mailing list archives

From Ovidiu Predescu <>
Subject Re: [RT] Flowmaps
Date Tue, 18 Jun 2002 07:09:28 GMT
On 6/17/02 11:22 PM, "Christian Haul" <>

> On 17.Jun.2002 -- 09:35 PM, Ovidiu Predescu wrote:
>> - automatic binding of JavaScript variables to form values. This would allow
>> you to declare something like:
>>   var username, password;
>>   // Send a page to collect the user name and the password
>>   sendPage("login.html");
>>   // When the user fills in the form and presses the submit button, the
>>   // script restarts here. The flow engine automatically binds the username
>>   // and password to the values submitted in the form.
> Don't. It was one of the biggest mistakes PHP made security-wise. Always
> access request parameters explicitly.

Yes, I read somewhere about this, but don't know the details. Can you
explain some more?

I actually like the way variables are automatically bound in WebObjects,
where you have to explicitly define the automatic binding, by mapping an
instance variable to a form parameter. I was thinking of following a similar
pattern, and having a way to specify that a given local variable in a function
is to be bound to a form parameter. In WebObjects this association is
totally under the control of the programmer, and it should be done the same
way in Cocoon.

Could this be a potential security problem?
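
The two designs discussed in this thread, side by side, as an added example that is not part of the original message and is not Cocoon or WebObjects code: binding every submitted parameter to a flow variable versus binding only the variables the programmer has mapped. The function names, the scope object and the sample submission are hypothetical and constructed for illustration.

```javascript
// Added example; bindImplicit, bindExplicit and newScope are hypothetical helpers,
// not Cocoon flow engine or WebObjects APIs.

// Implicit binding: every submitted parameter becomes a flow variable.
function bindImplicit(scope, params) {
  for (const [name, value] of Object.entries(params)) {
    scope[name] = value; // the client decides which variables get written
  }
  return scope;
}

// Explicit binding: only variables the programmer mapped to a form field are
// written, and each one only from the parameter it was mapped to.
function bindExplicit(scope, params, bindings) {
  for (const [variable, field] of Object.entries(bindings)) {
    if (!Object.prototype.hasOwnProperty.call(scope, variable)) {
      throw new Error(`no flow variable named ${variable}`);
    }
    const value = params[field];
    // Repeated fields arrive as arrays; accept a single string only.
    scope[variable] = typeof value === 'string' ? value : null;
  }
  return scope;
}

// Flow-local state: two form-backed variables plus one server-side decision.
function newScope() {
  return { username: null, password: null, isAdmin: false };
}

// Constructed sample submission: the login form has two fields, but the
// request is client-controlled and may carry any other parameter name.
const submitted = { username: 'alice', password: 's3cret', isAdmin: 'true' };

function demo() {
  const implicit = bindImplicit(newScope(), submitted);
  const explicit = bindExplicit(newScope(), submitted,
    { username: 'username', password: 'password' });
  return { implicit, explicit };
}

console.log(demo());
```

With the explicit mapping, `isAdmin` keeps its server-side value because no binding names it; with implicit binding it takes whatever the request supplied.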

