Mercurial > urweb
view demo/ref.ur @ 2116:ebfaab689570
The 2nd half of proper CSRF protection related to environment variables
author | Adam Chlipala <adam@chlipala.net> |
---|---|
date | Thu, 12 Feb 2015 15:09:26 -0500 |
parents | 5819fb63c93a |
children |
line wrap: on
line source
structure IR = RefFun.Make(struct type data = int end) structure SR = RefFun.Make(struct type data = string end) fun mutate () = ir <- IR.new 3; ir' <- IR.new 7; sr <- SR.new "hi"; IR.write ir' 10; iv <- IR.read ir; iv' <- IR.read ir'; sv <- SR.read sr; IR.delete ir; IR.delete ir'; SR.delete sr; return <xml><body> {[iv]}, {[iv']}, {[sv]} </body></xml> fun main () = return <xml><body> <form><submit action={mutate} value="Do some pointless stuff"/></form> </body></xml>