Mercurial > urweb
annotate tests/dynTable.ur @ 1710:540df112ff62
Remove string-valued style attribute, which may allow injection attacks
| author | Adam Chlipala <adam@chlipala.net> |
|---|---|
| date | Sun, 15 Apr 2012 12:40:53 -0400 |
| parents | ade93cd5bc59 |
| children | d2383ffc18ab |
| rev | line source |
|---|---|
| adam@1538 | 1 fun main () : transaction page = |
| adam@1538 | 2 s <- source <xml/>; |
| adam@1538 | 3 s1 <- source <xml/>; |
| adam@1538 | 4 n <- source 0; |
| adam@1538 | 5 return <xml><body> |
| adam@1538 | 6 <table> |
| adam@1538 | 7 <dyn signal={signal s}/> |
| adam@1538 | 8 <tr> <td>Hi</td> </tr> |
| adam@1538 | 9 </table> |
| adam@1538 | 10 |
| adam@1538 | 11 <button onclick={v <- get n; |
| adam@1538 | 12 set n (v + 1); |
| adam@1538 | 13 set s <xml><tr> <td>Whoa!({[v]})</td> </tr></xml>}/> |
| adam@1538 | 14 |
| adam@1538 | 15 <table> |
| adam@1538 | 16 <tr> <dyn signal={signal s1}/> </tr> |
| adam@1538 | 17 <tr> <td>Hi!</td> </tr> |
| adam@1538 | 18 </table> |
| adam@1538 | 19 |
| adam@1538 | 20 <button onclick={set s1 <xml><td>Whoa!</td></xml>}/> |
| adam@1538 | 21 </body></xml> |