view tests/jsuni.ur @ 1710:540df112ff62

Remove string-valued style attribute, which may allow injection attacks
author Adam Chlipala <adam@chlipala.net>
date Sun, 15 Apr 2012 12:40:53 -0400
parents e81434513720
children
line wrap: on
line source
fun main () =
    s1 <- source "";
    s2 <- source "";

    let
        fun echo s = return s

        fun echoer () =
            v1 <- get s1;
            v1' <- rpc (echo v1);
            set s2 v1'
    in
        return <xml><body>
          <dyn signal={v <- signal s2; return (cdata v)}/><hr/>
          <ctextbox source={s1}/> <button onclick={echoer ()}/>
        </body></xml>
    end