| From: | Sehrope Sarkuni <sehrope(at)jackdb(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Dave Page <dpage(at)pgadmin(dot)org>, "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Daniel Gustafsson <daniel(at)yesql(dot)se>, PostgreSQL WWW <pgsql-www(at)postgresql(dot)org> |
| Subject: | Re: Improve UX of YUM/DNF download form |
| Date: | 2020-06-09 11:20:42 |
| Message-ID: | CAH7T-aoUB9xZ+TGCjQQ1sJU0_PknzsAqipqs3dy3Tv9b91UMYA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
I took a peek at the updated yum.js. There's a couple unused variables in
the script generation and it doesn't escape the generated text before
assigning it to the DOM node. Not an issue now as there's nothing that'd
break it, but if it's ever updated to include a redirect ("<") or something
else hokey it'd break.
How about the attached? It splits the script generation into its own
function returning a string and has the archChanged() only handle updating
the DOM. It uses jQuery .text(...) for the DOM update so that the contents
are escaped.
I don't have the full site running locally but adding the new DOM node and
copy / pasting in the browser to manipulate the live site with this code
seems to work fine.
Regards,
-- Sehrope Sarkuni
Founder & CEO | JackDB, Inc. | https://www.jackdb.com/
| Attachment | Content-Type | Size |
|---|---|---|
| pg-yum-install.js.txt | text/plain | 1.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2020-06-09 11:49:29 | Re: Improve UX of YUM/DNF download form |
| Previous Message | Magnus Hagander | 2020-06-09 10:38:47 | Re: Improve UX of YUM/DNF download form |