annotate tests/dynTable.ur @ 1710:540df112ff62

Remove string-valued style attribute, which may allow injection attacks
author Adam Chlipala <adam@chlipala.net>
date Sun, 15 Apr 2012 12:40:53 -0400
parents ade93cd5bc59
children d2383ffc18ab
rev   line source
adam@1538 1 fun main () : transaction page =
adam@1538 2 s <- source <xml/>;
adam@1538 3 s1 <- source <xml/>;
adam@1538 4 n <- source 0;
adam@1538 5 return <xml><body>
adam@1538 6 <table>
adam@1538 7 <dyn signal={signal s}/>
adam@1538 8 <tr> <td>Hi</td> </tr>
adam@1538 9 </table>
adam@1538 10
adam@1538 11 <button onclick={v <- get n;
adam@1538 12 set n (v + 1);
adam@1538 13 set s <xml><tr> <td>Whoa!({[v]})</td> </tr></xml>}/>
adam@1538 14
adam@1538 15 <table>
adam@1538 16 <tr> <dyn signal={signal s1}/> </tr>
adam@1538 17 <tr> <td>Hi!</td> </tr>
adam@1538 18 </table>
adam@1538 19
adam@1538 20 <button onclick={set s1 <xml><td>Whoa!</td></xml>}/>
adam@1538 21 </body></xml>