view demo/ref.ur @ 2116:ebfaab689570

The 2nd half of proper CSRF protection related to environment variables
author Adam Chlipala <adam@chlipala.net>
date Thu, 12 Feb 2015 15:09:26 -0500
parents 5819fb63c93a
children
line wrap: on
line source
structure IR = RefFun.Make(struct
                               type data = int
                           end)

structure SR = RefFun.Make(struct
                               type data = string
                           end)

fun mutate () =
    ir <- IR.new 3;
    ir' <- IR.new 7;
    sr <- SR.new "hi";

    IR.write ir' 10;

    iv <- IR.read ir;
    iv' <- IR.read ir';
    sv <- SR.read sr;

    IR.delete ir;
    IR.delete ir';
    SR.delete sr;

    return <xml><body>
      {[iv]}, {[iv']}, {[sv]}
    </body></xml>

fun main () = return <xml><body>
  <form><submit action={mutate} value="Do some pointless stuff"/></form>
</body></xml>