Re: PHP and Applescript
Re: PHP and Applescript
- Subject: Re: PHP and Applescript
- From: has <email@hidden>
- Date: Tue, 12 Feb 2008 14:24:39 +0000
On 12 Feb 2008, at 14:12, Mark J. Reed wrote:
On Feb 12, 2008 9:02 AM, has <email@hidden> wrote:
On 10 Feb 2008, at 22:47, Rob Lewis wrote:
There's an interesting CGI called "x2web" that supports embedding
AppleScript code inside <applescript> and </applescript> tags.
I hope not - that would be incredibly unsafe on anything but a
completely closed and trusted system (see code injection attack).
? I'm assuming the AS is still run on the server, not the client...
If the OP, Rob, is talking about a server-side web programming or
templating system à la PHP where the embedded code is executed in
order to generate a finished HTML document to send to the user, then
ignore what I said because I thought he was meaning something different.
The way I read it, it sounded as if the server was serving up an HTML
file with embedded AppleScript code in it, and that code was
subsequently being sent back to the server to execute. Irresponsible
DHTML developers do this sort of thing sometimes with client-side
JavaScript; for example, having the JavaScript construct things like
raw SQL queries and sending those directly to the server-side
database. A malicious user can easily substitute the embedded
JavaScript with their own in order to do nasty things such as deleting
the entire database.
(FWIW, I did take a look at the x2web package to see if it made things
any clearer, but it's completely undocumented so I wasn't any the
wiser for it.)
has
--
http://appscript.sourceforge.net
http://rb-appscript.rubyforge.org
_______________________________________________
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
Archives: http://lists.apple.com/archives/applescript-users
This email sent to email@hidden