HTML/Middle-click/Security question...
Madison Kelly
linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Sat Mar 10 02:02:46 UTC 2007
Hi all,
For security reasons, on a site I am writing I have made it so that
you cannot pass variables in the URL (ie:
http://domain.com/cgi-bin/script.cgi?foo=bar&baz=boo fails). I do this
by only allowing variables to be passed via a form by checking that the
script was called via a POST instead of a GET command before CGI
variables are read.
So for the search engine portion I return each result as a small form
with the title of the search result being the submit button. I use CSS
to make it look like regular text. I do this because I want the site to
work without javascript. Given the ever-growing number of
javascript-based security flaws coming out these days I know many more
people are turning off JS in their browser (like my b/f, for example).
So this brings me to my question:
How can I make a click-able search result that sends a POST to the
server, works without javascript and supports middle-clicking to open
the search result in a new tab?
Currently, with the scheme I have, you can't middle-click on the
result at all because it is a form 'submit' button (but looks like
normal text). This is really not good, given that middle-clicking on
search results is a big sell for tabbed browsers. :)
Any ideas/suggestions/pointers will be *much* appreciated!
A stumped Madison.
PS - In case it's relevant, I am using Perl/Apache2/PostgreSQL8.1
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list