Mercurial > urweb
annotate tests/tsource.ur @ 1710:540df112ff62
Remove string-valued style attribute, which may allow injection attacks
author | Adam Chlipala <adam@chlipala.net> |
---|---|
date | Sun, 15 Apr 2012 12:40:53 -0400 |
parents | 607657eb2865 |
children |
rev | line source |
---|---|
adam@1463 | 1 fun doSubmit r = |
adam@1463 | 2 return <xml>Done {[readError r.Amount1 * readError r.Amount2 * 2.0]}</xml> |
adam@1463 | 3 |
adam@1463 | 4 fun main () = |
adam@1463 | 5 amount1S <- source "1"; |
adam@1463 | 6 amount2S <- source "1"; |
adam@1463 | 7 return <xml> <body> |
adam@1463 | 8 <form> |
adam@1463 | 9 <table> |
adam@1463 | 10 <tr><td>Amount1:</td><td><textbox{#Amount1} |
adam@1463 | 11 source={amount1S}/></td></tr> |
adam@1463 | 12 <tr><td>Amount2:</td><td><textbox{#Amount2} |
adam@1463 | 13 source={amount2S}/></td></tr> |
adam@1463 | 14 <tr><td>Total:</td><td><dyn signal={showTotal amount1S |
adam@1463 | 15 amount2S}/></td></tr> |
adam@1463 | 16 </table> |
adam@1463 | 17 <submit value="Buy" action={doSubmit}/> |
adam@1463 | 18 </form> |
adam@1463 | 19 </body> |
adam@1463 | 20 </xml> |
adam@1463 | 21 |
adam@1463 | 22 and showTotal amount1S amount2S = |
adam@1463 | 23 a1 <- signal amount1S; |
adam@1463 | 24 a2 <- signal amount2S; |
adam@1463 | 25 return (case ((read a1), (read a2)) of |
adam@1463 | 26 (None, _) => <xml></xml> |
adam@1463 | 27 | (_, None) => <xml></xml> |
adam@1463 | 28 | (Some a, Some b) => <xml>{[a * b * 2.0]}</xml>) |