Thursday, February 27, 2014

Re: Javascript and sessions

On Wednesday, February 26, 2014 10:41:38 PM UTC-4:30, Luke Baker wrote:
My web application is heavily based around form input. I'd like to update the user's session with each form input that they update or change while working with a form. I'm thinking of implementing some simple javascript that listens for 'change' events on each form input. When the 'change' event fires, I'd like to make an ajax request to update the users session with that form input name and value. To do this, I would have to write a view that would allow the user to POST any thing they wanted (essentially) to their session - is this safe? It makes me think twice.

Yes you must write that view. Sanitize the inputs.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/187995d9-0a47-4e00-9b93-f17490d7ba96%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

No comments:

Post a Comment