[31944] in Perl-Users-Digest
Perl-Users Digest, Issue: 3207 Volume: 11
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Fri Nov 12 03:09:23 2010
Date: Fri, 12 Nov 2010 00:09:05 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Fri, 12 Nov 2010 Volume: 11 Number: 3207
Today's topics:
Re: Foreach <tzz@lifelogs.com>
Re: Foreach <uri@StemSystems.com>
Re: Foreach <kst-u@mib.org>
Re: Foreach (David Canzi)
Re: Foreach <derykus@gmail.com>
Posting Guidelines for comp.lang.perl.misc ($Revision: tadmc@seesig.invalid
Re: Using Perl to find what address bar says <kst-u@mib.org>
Re: Using Perl to find what address bar says <kkeller-usenet@wombat.san-francisco.ca.us>
Re: Using Perl to find what address bar says <ben-goldberg@hotmail.com>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Thu, 11 Nov 2010 14:12:16 -0600
From: Ted Zlatanov <tzz@lifelogs.com>
Subject: Re: Foreach
Message-Id: <87mxpfhb6n.fsf@lifelogs.com>
On Thu, 11 Nov 2010 18:02:34 +0000 (UTC) Mladen Gogala <no@email.here.invalid> wrote:
MG> Is that disdain for the map in void context just a custom or is
MG> based on some real problems caused by the code like that? Thanks
MG> for your time and comments.
I really don't think it's such a big deal. Yeah, it's not ideal, but
it's hardly a crime against humanity. I really, really doubt it will
cause maintenance problems long-term (as long as you're sure of having
Perl 5.8 or later). And it's quite readable.
OTOH I wouldn't use map in a void context in code I plan to put on CPAN
or publish openly. I don't want a thousand Uris telling me it's wrong;
arguing such things is a waste of time but the annoyance will linger.
I've had similar arguments about my preference for 1-space indents.
So judge the audience for your code and write it accordingly. When in
doubt, be conservative, explicit, and simple.
Ted
------------------------------
Date: Thu, 11 Nov 2010 15:49:55 -0500
From: "Uri Guttman" <uri@StemSystems.com>
Subject: Re: Foreach
Message-Id: <877hgj1t70.fsf@quad.sysarch.com>
>>>>> "TZ" == Ted Zlatanov <tzz@lifelogs.com> writes:
TZ> On Thu, 11 Nov 2010 18:02:34 +0000 (UTC) Mladen Gogala <no@email.here.invalid> wrote:
MG> Is that disdain for the map in void context just a custom or is
MG> based on some real problems caused by the code like that? Thanks
MG> for your time and comments.
TZ> I really don't think it's such a big deal. Yeah, it's not ideal, but
TZ> it's hardly a crime against humanity. I really, really doubt it will
TZ> cause maintenance problems long-term (as long as you're sure of having
TZ> Perl 5.8 or later). And it's quite readable.
readable or not, it is misleading to the reader. see my other post on that.
TZ> OTOH I wouldn't use map in a void context in code I plan to put on CPAN
TZ> or publish openly. I don't want a thousand Uris telling me it's wrong;
TZ> arguing such things is a waste of time but the annoyance will linger.
TZ> I've had similar arguments about my preference for 1-space indents.
indents can be changed with perltidy or editors. misleading code can't
be changed that way.
TZ> So judge the audience for your code and write it accordingly. When in
TZ> doubt, be conservative, explicit, and simple.
the audience judges your code, you don't judge the audience!
uri
--
Uri Guttman ------ uri@stemsystems.com -------- http://www.sysarch.com --
----- Perl Code Review , Architecture, Development, Training, Support ------
--------- Gourmet Hot Cocoa Mix ---- http://bestfriendscocoa.com ---------
------------------------------
Date: Thu, 11 Nov 2010 13:41:25 -0800
From: Keith Thompson <kst-u@mib.org>
Subject: Re: Foreach
Message-Id: <lny68z5yii.fsf@nuthaus.mib.org>
Keith Thompson <kst-u@mib.org> writes:
[...]
> Yes, I know what the "x" operator is. I'm just surprised that
> (...)x2
> tokenizes as
> ( ... ) x 2
> rather than as
> ( ... ) x2
> where "x2" would be a bareword (and a syntax error in this context).
>
> I'm accustomed to, for example, C's "maximal munch" rule, where
> as many characters as possible are gathered into a token, even
> if it would create a syntax error when the resulting token stream
> is parsed.
>
> I'm not *entirely* surprised that Perl plays tricks in this
> case to avoid a syntax error, but it doesn't do so in all cases.
> For example, Perl scans "$x+++++$y" as "$x ++ ++ + $y", even though
> it's a syntax error and "$x ++ + ++ $y" would be valid.
>
> As the saying goes, only perl can parse Perl. I certainly wouldn't
> count on "x2" being tokenized "correctly" if I wanted anyone to
> be able to read the resulting code (obviously not a goal of what
> we're doing here).
To make the point perhaps more clearly, I rather doubt that there's
anything in the Perl documentation from which one could reliably
conclude that "x2" in this context is treated an "x" operator
followed by a literal 2, rather than as a bareword (that would
result in a syntax error).
--
Keith Thompson (The_Other_Keith) kst-u@mib.org <http://www.ghoti.net/~kst>
Nokia
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"
------------------------------
Date: Thu, 11 Nov 2010 22:55:51 +0000 (UTC)
From: dmcanzi@remulak.uwaterloo.ca (David Canzi)
Subject: Re: Foreach
Message-Id: <ibhs9n$1qu$2@rumours.uwaterloo.ca>
In article <lnk4kj7ryx.fsf@nuthaus.mib.org>,
Keith Thompson <kst-u@mib.org> wrote:
>"Dr.Ruud" <rvtol+usenet@xs4all.nl> writes:
>> {local($\,$,)=($/)x2;print @ARGV}
>
>I'm mildly astonished that "x2" is tokenized as "x" followed by
>"2" and not as a bareword.
"The work of parsing perl is distributed between yacc, the lexer,
smoke and mirrors."
http://faq.perl.org/perlfaq7.html#Can_I_get_a_BNF_yacc
--
David Canzi | "We are here on Earth to fart around. Don't let
| anybody tell you any different." -- Kurt Vonnegut
| _A Man Without a Country_
------------------------------
Date: Thu, 11 Nov 2010 17:24:07 -0800 (PST)
From: "C.DeRykus" <derykus@gmail.com>
Subject: Re: Foreach
Message-Id: <f76b9bd6-f523-4167-8fe8-b3ecef25992c@g20g2000prg.googlegroups.com>
On Nov 11, 10:11=A0am, Keith Thompson <ks...@mib.org> wrote:
....
> >>> =A0 {local($\,$,)=3D($/)x2;print @ARGV}
>
> >>> also known as
>
> >>> =A0 print join( $/, @ARGV ), $/;
>
> >>> (though not fully equivalent)
>
> >> I'm mildly astonished that "x2" is tokenized as "x" followed by
> >> "2" and not as a bareword.
>
> ...
> Yes, I know what the "x" operator is. =A0I'm just surprised that
> =A0 =A0 (...)x2
> tokenizes as
> =A0 =A0 ( ... ) x 2
> rather than as
> =A0 =A0 ( ... ) x2
> where "x2" would be a bareword (and a syntax error in this context).
I'm not really surprised since the right paren
in ($/)x2 clearly would delimit a token break
(if that's the right characterization). Even
$/x2 without parens is ok which seems like
the parser helps out too:
perl -MO=3DDeparse -e "$/x2"
$/ x 2;
-e syntax OK
>
> I'm accustomed to, for example, C's "maximal munch" rule, where
> as many characters as possible are gathered into a token, even
> if it would create a syntax error when the resulting token stream
> is parsed.
Yes, that appears to happen in other cases. An
ordinary scalar for intance doesn't get special
handling like $/$x did:
perl -MO=3DDeparse -e "$xx2"
$xx2;
-e syntax OK
>
> I'm not *entirely* surprised that Perl plays tricks in this
> case to avoid a syntax error, but it doesn't do so in all cases.
> For example, Perl scans "$x+++++$y" as "$x ++ ++ + $y", even though
> it's a syntax error and "$x ++ + ++ $y" would be valid.
>
> As the saying goes, only perl can parse Perl. =A0I certainly wouldn't
> count on "x2" being tokenized "correctly" if I wanted anyone to
> be able to read the resulting code (obviously not a goal of what
> we're doing here).
>
Amen.
--
Charles DeRykus
------------------------------
Date: Fri, 12 Nov 2010 02:02:06 -0600
From: tadmc@seesig.invalid
Subject: Posting Guidelines for comp.lang.perl.misc ($Revision: 1.9 $)
Message-Id: <cJKdnZLCDNbjaUHRnZ2dnUVZ5hqdnZ2d@giganews.com>
Outline
Before posting to comp.lang.perl.misc
Must
- Check the Perl Frequently Asked Questions (FAQ)
- Check the other standard Perl docs (*.pod)
Really Really Should
- Lurk for a while before posting
- Search a Usenet archive
If You Like
- Check Other Resources
Posting to comp.lang.perl.misc
Is there a better place to ask your question?
- Question should be about Perl, not about the application area
How to participate (post) in the clpmisc community
- Carefully choose the contents of your Subject header
- Use an effective followup style
- Speak Perl rather than English, when possible
- Ask perl to help you
- Do not re-type Perl code
- Provide enough information
- Do not provide too much information
- Do not post binaries, HTML, or MIME
Social faux pas to avoid
- Asking a Frequently Asked Question
- Asking a question easily answered by a cursory doc search
- Asking for emailed answers
- Beware of saying "doesn't work"
- Sending a "stealth" Cc copy
Be extra cautious when you get upset
- Count to ten before composing a followup when you are upset
- Count to ten after composing and before posting when you are upset
-----------------------------------------------------------------
Posting Guidelines for comp.lang.perl.misc ($Revision: 1.9 $)
This newsgroup, commonly called clpmisc, is a technical newsgroup
intended to be used for discussion of Perl related issues (except job
postings), whether it be comments or questions.
As you would expect, clpmisc discussions are usually very technical in
nature and there are conventions for conduct in technical newsgroups
going somewhat beyond those in non-technical newsgroups.
The article at:
http://www.catb.org/~esr/faqs/smart-questions.html
describes how to get answers from technical people in general.
This article describes things that you should, and should not, do to
increase your chances of getting an answer to your Perl question. It is
available in POD, HTML and plain text formats at:
http://www.rehabitation.com/clpmisc.shtml
For more information about netiquette in general, see the "Netiquette
Guidelines" at:
http://andrew2.andrew.cmu.edu/rfc/rfc1855.html
A note to newsgroup "regulars":
Do not use these guidelines as a "license to flame" or other
meanness. It is possible that a poster is unaware of things
discussed here. Give them the benefit of the doubt, and just
help them learn how to post, rather than assume that they do
know and are being the "bad kind" of Lazy.
A note about technical terms used here:
In this document, we use words like "must" and "should" as
they're used in technical conversation (such as you will
encounter in this newsgroup). When we say that you *must* do
something, we mean that if you don't do that something, then
it's unlikely that you will benefit much from this group.
We're not bossing you around; we're making the point without
lots of words.
Do *NOT* send email to the maintainer of these guidelines. It will be
discarded unread. The guidelines belong to the newsgroup so all
discussion should appear in the newsgroup. I am just the secretary that
writes down the consensus of the group.
Before posting to comp.lang.perl.misc
Must
This section describes things that you *must* do before posting to
clpmisc, in order to maximize your chances of getting meaningful replies
to your inquiry and to avoid getting flamed for being lazy and trying to
have others do your work.
The perl distribution includes documentation that is copied to your hard
drive when you install perl. Also installed is a program for looking
things up in that (and other) documentation named 'perldoc'.
You should either find out where the docs got installed on your system,
or use perldoc to find them for you. Type "perldoc perldoc" to learn how
to use perldoc itself. Type "perldoc perl" to start reading Perl's
standard documentation.
Check the Perl Frequently Asked Questions (FAQ)
Checking the FAQ before posting is required in Big 8 newsgroups in
general, there is nothing clpmisc-specific about this requirement.
You are expected to do this in nearly all newsgroups.
You can use the "-q" switch with perldoc to do a word search of the
questions in the Perl FAQs.
Check the other standard Perl docs (*.pod)
The perl distribution comes with much more documentation than is
available for most other newsgroups, so in clpmisc you should also
see if you can find an answer in the other (non-FAQ) standard docs
before posting.
It is *not* required, or even expected, that you actually *read* all of
Perl's standard docs, only that you spend a few minutes searching them
before posting.
Try doing a word-search in the standard docs for some words/phrases
taken from your problem statement or from your very carefully worded
"Subject:" header.
Really Really Should
This section describes things that you *really should* do before posting
to clpmisc.
Lurk for a while before posting
This is very important and expected in all newsgroups. Lurking means
to monitor a newsgroup for a period to become familiar with local
customs. Each newsgroup has specific customs and rituals. Knowing
these before you participate will help avoid embarrassing social
situations. Consider yourself to be a foreigner at first!
Search a Usenet archive
There are tens of thousands of Perl programmers. It is very likely
that your question has already been asked (and answered). See if you
can find where it has already been answered.
One such searchable archive is:
http://groups.google.com/advanced_search
If You Like
This section describes things that you *can* do before posting to
clpmisc.
Check Other Resources
You may want to check in books or on web sites to see if you can
find the answer to your question.
But you need to consider the source of such information: there are a
lot of very poor Perl books and web sites, and several good ones
too, of course.
Posting to comp.lang.perl.misc
There can be 200 messages in clpmisc in a single day. Nobody is going to
read every article. They must decide somehow which articles they are
going to read, and which they will skip.
Your post is in competition with 199 other posts. You need to "win"
before a person who can help you will even read your question.
These sections describe how you can help keep your article from being
one of the "skipped" ones.
Is there a better place to ask your question?
Question should be about Perl, not about the application area
It can be difficult to separate out where your problem really is,
but you should make a conscious effort to post to the most
applicable newsgroup. That is, after all, where you are the most
likely to find the people who know how to answer your question.
Being able to "partition" a problem is an essential skill for
effectively troubleshooting programming problems. If you don't get
that right, you end up looking for answers in the wrong places.
It should be understood that you may not know that the root of your
problem is not Perl-related (the two most frequent ones are CGI and
Operating System related), so off-topic postings will happen from
time to time. Be gracious when someone helps you find a better place
to ask your question by pointing you to a more applicable newsgroup.
How to participate (post) in the clpmisc community
Carefully choose the contents of your Subject header
You have 40 precious characters of Subject to win out and be one of
the posts that gets read. Don't waste them. Take care while
composing them, they are the key that opens the door to getting an
answer.
Spend them indicating what aspect of Perl others will find if they
should decide to read your article.
Do not spend them indicating "experience level" (guru, newbie...).
Do not spend them pleading (please read, urgent, help!...).
Do not spend them on non-Subjects (Perl question, one-word
Subject...)
For more information on choosing a Subject see "Choosing Good
Subject Lines":
http://www.cpan.org/authors/id/D/DM/DMR/subjects.post
Part of the beauty of newsgroup dynamics, is that you can contribute
to the community with your very first post! If your choice of
Subject leads a fellow Perler to find the thread you are starting,
then even asking a question helps us all.
Use an effective followup style
When composing a followup, quote only enough text to establish the
context for the comments that you will add. Always indicate who
wrote the quoted material. Never quote an entire article. Never
quote a .signature (unless that is what you are commenting on).
Intersperse your comments *following* each section of quoted text to
which they relate. Unappreciated followup styles are referred to as
"top-posting", "Jeopardy" (because the answer comes before the
question), or "TOFU" (Text Over, Fullquote Under).
Reversing the chronology of the dialog makes it much harder to
understand (some folks won't even read it if written in that style).
For more information on quoting style, see:
http://web.presby.edu/~nnqadmin/nnq/nquote.html
Speak Perl rather than English, when possible
Perl is much more precise than natural language. Saying it in Perl
instead will avoid misunderstanding your question or problem.
Do not say: I have variable with "foo\tbar" in it.
Instead say: I have $var = "foo\tbar", or I have $var = 'foo\tbar',
or I have $var = <DATA> (and show the data line).
Ask perl to help you
You can ask perl itself to help you find common programming mistakes
by doing two things: enable warnings (perldoc warnings) and enable
"strict"ures (perldoc strict).
You should not bother the hundreds/thousands of readers of the
newsgroup without first seeing if a machine can help you find your
problem. It is demeaning to be asked to do the work of a machine. It
will annoy the readers of your article.
You can look up any of the messages that perl might issue to find
out what the message means and how to resolve the potential mistake
(perldoc perldiag). If you would like perl to look them up for you,
you can put "use diagnostics;" near the top of your program.
Do not re-type Perl code
Use copy/paste or your editor's "import" function rather than
attempting to type in your code. If you make a typo you will get
followups about your typos instead of about the question you are
trying to get answered.
Provide enough information
If you do the things in this item, you will have an Extremely Good
chance of getting people to try and help you with your problem!
These features are a really big bonus toward your question winning
out over all of the other posts that you are competing with.
First make a short (less than 20-30 lines) and *complete* program
that illustrates the problem you are having. People should be able
to run your program by copy/pasting the code from your article. (You
will find that doing this step very often reveals your problem
directly. Leading to an answer much more quickly and reliably than
posting to Usenet.)
Describe *precisely* the input to your program. Also provide example
input data for your program. If you need to show file input, use the
__DATA__ token (perldata.pod) to provide the file contents inside of
your Perl program.
Show the output (including the verbatim text of any messages) of
your program.
Describe how you want the output to be different from what you are
getting.
If you have no idea at all of how to code up your situation, be sure
to at least describe the 2 things that you *do* know: input and
desired output.
Do not provide too much information
Do not just post your entire program for debugging. Most especially
do not post someone *else's* entire program.
Do not post binaries, HTML, or MIME
clpmisc is a text only newsgroup. If you have images or binaries
that explain your question, put them in a publically accessible
place (like a Web server) and provide a pointer to that location. If
you include code, cut and paste it directly in the message body.
Don't attach anything to the message. Don't post vcards or HTML.
Many people (and even some Usenet servers) will automatically filter
out such messages. Many people will not be able to easily read your
post. Plain text is something everyone can read.
Social faux pas to avoid
The first two below are symptoms of lots of FAQ asking here in clpmisc.
It happens so often that folks will assume that it is happening yet
again. If you have looked but not found, or found but didn't understand
the docs, say so in your article.
Asking a Frequently Asked Question
It should be understood that you may have missed the applicable FAQ
when you checked, which is not a big deal. But if the Frequently
Asked Question is worded similar to your question, folks will assume
that you did not look at all. Don't become indignant at pointers to
the FAQ, particularly if it solves your problem.
Asking a question easily answered by a cursory doc search
If folks think you have not even tried the obvious step of reading
the docs applicable to your problem, they are likely to become
annoyed.
If you are flamed for not checking when you *did* check, then just
shrug it off (and take the answer that you got).
Asking for emailed answers
Emailed answers benefit one person. Posted answers benefit the
entire community. If folks can take the time to answer your
question, then you can take the time to go get the answer in the
same place where you asked the question.
It is OK to ask for a *copy* of the answer to be emailed, but many
will ignore such requests anyway. If you munge your address, you
should never expect (or ask) to get email in response to a Usenet
post.
Ask the question here, get the answer here (maybe).
Beware of saying "doesn't work"
This is a "red flag" phrase. If you find yourself writing that,
pause and see if you can't describe what is not working without
saying "doesn't work". That is, describe how it is not what you
want.
Sending a "stealth" Cc copy
A "stealth Cc" is when you both email and post a reply without
indicating *in the body* that you are doing so.
Be extra cautious when you get upset
Count to ten before composing a followup when you are upset
This is recommended in all Usenet newsgroups. Here in clpmisc, most
flaming sub-threads are not about any feature of Perl at all! They
are most often for what was seen as a breach of netiquette. If you
have lurked for a bit, then you will know what is expected and won't
make such posts in the first place.
But if you get upset, wait a while before writing your followup. I
recommend waiting at least 30 minutes.
Count to ten after composing and before posting when you are upset
After you have written your followup, wait *another* 30 minutes
before committing yourself by posting it. You cannot take it back
once it has been said.
AUTHOR
Tad McClellan and many others on the comp.lang.perl.misc newsgroup.
--
Tad McClellan
email: perl -le "print scalar reverse qq/moc.liamg\100cm.j.dat/"
The above message is a Usenet post.
I don't recall having given anyone permission to use it on a Web site.
------------------------------
Date: Thu, 11 Nov 2010 13:27:02 -0800
From: Keith Thompson <kst-u@mib.org>
Subject: Re: Using Perl to find what address bar says
Message-Id: <ln39r77dqx.fsf@nuthaus.mib.org>
Mart van de Wege <mvdwege@mail.com> writes:
> Keith Thompson <kst-u@mib.org> writes:
>> Mart van de Wege <mvdwege@mail.com> writes:
>>> jwcarlton <jwcarlton@gmail.com> writes:
>> [...]
>>>> I have a very clear understanding of how "web apps work."
>>>
>>> No you don't.
>>>
>>> You *cannot*, by definition, know what happens on the client. Not even
>>> with client-side scripting. You have to trust the client for that.
>>
>> I admit that *I* don't have a very clear understanding of how
>> web apps work, so the following is likely to be completely wrong.
>> I'd be interested in knowing what's wrong about it.
>>
>> Perl generally runs on the server side, and therefore doesn't
>> have access to the browser's (client's) internal information (in
>> this case, the contents of the address bar). Javascript generally
>> runs on the client side: the browser downloads Javascript code and
>> executes it locally. Have I got that right so far?
>>
>> Would it be possible for some Javascript code, running in the
>> browser, to query the contents of the address bar and then send
>> that information to code running on the server?
>
> Perhaps.
>
> However, you still run up against the fundamental problem: you're
> trusting the client. You cannot *know* for sure that the information is
> correct, because the client is in control of the information being sent
> to you.
Sure.
My point, I guess, is that the original poster was flamed to a
crisp for allegedly not knowing what he's talking about when he
asked how Perl code on the server side can find out what's in the
client's address bar.
Your "Perhaps" seems to imply that it's not obvious that what the
OP was asking about is impossible.
--
Keith Thompson (The_Other_Keith) kst-u@mib.org <http://www.ghoti.net/~kst>
Nokia
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"
------------------------------
Date: Thu, 11 Nov 2010 15:02:26 -0800
From: Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us>
Subject: Re: Using Perl to find what address bar says
Message-Id: <399uq7x1n7.ln2@goaway.wombat.san-francisco.ca.us>
On 2010-11-11, Keith Thompson <kst-u@mib.org> wrote:
> Mart van de Wege <mvdwege@mail.com> writes:
>>
>> Perhaps.
>>
>> However, you still run up against the fundamental problem: you're
>> trusting the client. You cannot *know* for sure that the information is
>> correct, because the client is in control of the information being sent
>> to you.
>
> Sure.
>
> My point, I guess, is that the original poster was flamed to a
> crisp for allegedly not knowing what he's talking about when he
> asked how Perl code on the server side can find out what's in the
> client's address bar.
>
> Your "Perhaps" seems to imply that it's not obvious that what the
> OP was asking about is impossible.
The OP first asked how to do this "in Perl", which already implied that
he didn't understand the concept of web applications; then, when he
resigned to do it in AJAX, complained that "Perl is dying every day",
thus turning his own misunderstanding of client-server communication
into an indictment of Perl. I'm pretty sure it's this latter that got
him flamed. (I'm also not sure how the OP thinks that someone using an
anonymizer won't be wise to short-circuit AJAX communication as well,
but I can imagine someone being told to install the anonymizer but not
that AJAX may or may not circumvent it.)
--keith
--
kkeller-usenet@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
------------------------------
Date: Thu, 11 Nov 2010 19:46:22 -0800 (PST)
From: Ben Goldberg <ben-goldberg@hotmail.com>
Subject: Re: Using Perl to find what address bar says
Message-Id: <2b8b0f87-fa5e-42b1-8e38-0017a0cfb066@z17g2000prz.googlegroups.com>
On Nov 11, 11:28=A0am, Keith Thompson <ks...@mib.org> wrote:
> Mart van de Wege <mvdw...@mail.com> writes:
>
> > jwcarlton <jwcarl...@gmail.com> writes:
> [...]
> >> I have a very clear understanding of how "web apps work."
>
> > No you don't.
>
> > You *cannot*, by definition, know what happens on the client. Not even
> > with client-side scripting. You have to trust the client for that.
>
> I admit that *I* don't have a very clear understanding of how
> web apps work, so the following is likely to be completely wrong.
> I'd be interested in knowing what's wrong about it.
>
> Perl generally runs on the server side, and therefore doesn't
> have access to the browser's (client's) internal information (in
> this case, the contents of the address bar). =A0Javascript generally
> runs on the client side: the browser downloads Javascript code and
> executes it locally. =A0Have I got that right so far?
>
> Would it be possible for some Javascript code, running in the
> browser, to query the contents of the address bar and then send
> that information to code running on the server?
>
> My first thought is that this could open up serious security holes,
> and that there are measures already in place to prevent it, but I
> don't know the details.
By the time the javascript code has been downloaded by the browser,
the url will have changed!
That is, the user starts out viewing page A, and the url for A is in
his browser's address bar.
Page A has a link to the CGI script, B.
The user clicks on the link.
The new page (with javascript in it) comes back to the browser. But
the browser's address bar now shows the url for B.
The url of the prior page (A) may not be accessible to the JS Script,
because browsers often limit what scripts can see for security
purposes.
Thus, the JavaScript only knows that the address bar *now* is B. Even
then, it might not know that, if the script has been filtered so that
it doesn't see the real variables. For example, normally a page's
location is available in via the javascript variable location.href,
but location might be replaced with a different object, whose .href
field contains a different url. With a good quality web anonymizer,
this might be done to improve transparency. Of course, they might
take the easy way out, and strip out any javascript entirely!
The client side javascript script can activate the browser's "back"
functionality (using history.back(), or history.go(-1)), but often
(for reasons mentioned above) won't see anything in the
history.previous field.
Similarly, if the browser hasn't sent the url of A to the web server,
then the server won't pass A's url in via the HTTP_REFERER environment
variable. For that matter, if the user is using an anonymiser, you
can be absolutely positive that it won't send in url A as the referrer
-- it might send nothing, or might make up some random garbage. You
also won't get a referrer if url A was an https page. You also won't
get a referrer if your page was typed into the url bar of the browser
directly. You also won't get a referrer if your page was bookmarked,
and accessed via that bookmark. You also won't get a referrer if
someone made your page their browser's home page, and they clicked
home. You also won't get a referrer if your page is accessed by a web
crawler. Etc, etc,.
Hardly any of this has anything to do with Perl, of course.
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
Back issues are available via anonymous ftp from
ftp://cil-www.oce.orst.edu/pub/perl/old-digests.
#For other requests pertaining to the digest, send mail to
#perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
#sending perl questions to the -request address, I don't have time to
#answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V11 Issue 3207
***************************************
