[thelist] Javascript to alter a select list
Christian Heilmann
codepo8 at gmail.com
Wed Jul 13 02:05:24 CDT 2005
On 7/13/05, Jeff Howden <jeff at jeffhowden.com> wrote:
> Rod,
>
> ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> > From: raanders at mailporter.net
> >
> > [...] There was a question last week or the one before
> > and I never replied to answer I got --- then lost the
> > message. The short answer I got was to look at AJAX.
> > I still haven't been able to do more than peek at it
> > but it did appear to have the potential to solve my
> > problem.
> ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
>
> Be careful of people throwing around buzzwords as solutions to nearly every
> problem. From a cursory glance at your question in this post, it indeed
> looks like AJAX is NOT *the* solution to your problem.
This general defiance is as unhelpful as some other developers' "use
AJAX for everything" attitude.
Actually this example could greatly be improved with an XHR layer.
The issues:
- As the app stands now it is dependent on JavaScript to work and has
crucial information in JavaScript - I can read the promotional codes
by reading the JS source.
- To circumvent that you need to send the form to the server and
generate the dropdown on the server side - this would also enable you
to do the promotional lookup in a database
- If you keep the dropdown generation in one include you can call the
include when you load the page and via XHR when you leave the field
and replace the dropdown via the DOM.
That way both the JavaScript and the non JavaScript visitor will get
the dropdown options and you are safe from XSS.
--
Chris Heilmann
Blog: http://www.wait-till-i.com
Writing: http://icant.co.uk/
Binaries: http://www.onlinetools.org/
More information about the thelist
mailing list