Thanks for the feedback, Michael!
> What would be really cool is if the plugin could automatically rewrite
> the links to be tamper proof for everything going out to the browser.
> This could be done using a call back at postrun time with some HTML
> parser. Of course this would be need to be turned on by the user (since
> it could potentially be pretty slow) both globally and per run mode, and
> then with the option of somehow disabling/enabling the tamper proof
> filtering at run time in the run mode itself.
Hmmm - that's an interesting idea. I'm usually too much of a control
freak to give the computer that much power, though.
> Or maybe there's a way to make this work from inside the template where
> the programmer can decide for which URL's it makes a difference. Should
> be pretty easy as a TT plugin, but might also work as H::T plugin with
> Mark's new system.
Yeah! I like this approach! And you can do this already if you use
Cees's technique of passing in the CGI::Application $self object into
the template params:
# in your run mode (AnyTemplate syntax)
$self->template->fill({'c' => $self);
# in your TT template:
<a href="[% c.make_link('/account.cgi?rm=balance&acct_id=73') %]">
# or in your HT::Dot template:
<a href="<TMPL_VAR c.make_link('/account.cgi?rm=balance&acct_id=73')>">
I'll add this technique to the docs when I get a chance.
> What does the invalid_checksum hook do? Or is it just a hook that you
> can inject stuff into if you need it?
Yeah, it's an open hook for you to do whatever you want, depending upon
how serious you feel the intrusion attempt is. In CAF, we delete the
user's session.
Michael
---
Michael Graham <suppressed>
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.