Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Javascript -> Shell Script
Top Forums Web Development Javascript -> Shell Script Post 302228432 by era on Sunday 24th of August 2008 01:08:55 PM
Old 08-24-2008
Shell script is kind of brittle when it comes to proper quoting of user-specified arguments etc so you need to be really careful here. Perhaps wrapping the call in PHP is not such a bad idea (although PHP too has a bit of a track record when it comes to security problems .... /me ducks) and make really really sure you use proper quoting everywhere in the script and in everything which invokes it. And keep in mind that security checks in JavaScript are ineffective; somebody could simply be connecting directly to the CGI script, without going through your form (or with JavaScript disabled).

As such, it's not very hard to split on & with IFS='&'. IFS=& query_string - Google Search brings up some matches but I would regard all of them with extreme suspicion. If you see a variable interpolation without double quotes around it, run away.
Last edited by era; 08-24-2008 at 02:13 PM.. Reason: Note that JavaScript input checking is ineffective
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Javascript: Edit a script ?

Hi, i got this script but when i hit reset i loose the times in the form box. Can someone please edit this script so when i hit reset i dont loose the times in the form box's and also have a button to reset everything, including the form boxs <script language="javascript"> // stopwatch... (1 Reply)
Discussion started by: perleo
1 Replies

2. Shell Programming and Scripting

Calling Shell script in javascript

All I want to call a KORN shell script inside a javascript. Is it possible ? Please help me to do this. I want to return or read from shell script in javascript. Thanx in advance Regards Deepak Xavier (1 Reply)
Discussion started by: DeepakXavier
1 Replies

3. Shell Programming and Scripting

How to use ssh execute other shell script on other host (shell script include nohup)?

i want use ssh on the host01 to execute autoexec.sh on the host02 like following : host01> ssh host02 autoexec.sh autoexec.sh include nohup command like follwing : nohup /home/jack/deletedata.sh & after i execute ssh host02 autoexec.sh one the host01. i can't found deletedata.sh... (1 Reply)
Discussion started by: orablue
1 Replies

4. Web Development

Why using this kind of format in Web Development <script type="text/javascript"><!-- ...//--></scrip

I am just wondering why do programmers are using this when programming the web? When you making a joomla templates and the more focus in your mind is to target the search engines then java is very important.Not to use that. (2 Replies)
Discussion started by: Anna Hussie
2 Replies

5. Shell Programming and Scripting

want to use javascript as shell script

<html> <head> <title>Weather & Aviation Page - METAR decoder</title> <meta name="Title" content="Weather & Aviation Page - METAR decoder"> <meta name="Keywords" content="METAR decoder"> <meta name="Publisher" content="SkyStef"> <meta name="Description" content="SkyStefs weather and aviation... (4 Replies)
Discussion started by: anuajay1988
4 Replies

6. Shell Programming and Scripting

How to use javascript code in unix shell?

Hi Need help...I have wrritten one code for html through shell scripting in that i am using java scripts to validate some condition and open the html page without clicking the button.... Code Details echo "<script type="text/javascript">" echo "function exec_refresh()" echo "{" ... (4 Replies)
Discussion started by: l_gshankar24
4 Replies

7. Shell Programming and Scripting

Unable to pass shell script variable to awk command in same shell script

I have a shell script (.sh) and I want to pass a parameter value to the awk command but I am getting exception, please assist. diff=$1$2.diff id=$2 new=new_$diff echo "My id is $1" echo "I want to sync for user account $id" ##awk command I am using is as below cat $diff | awk... (2 Replies)
Discussion started by: Ashunayak
2 Replies

8. Web Development

Javascript to check field is empty then execute rest of script

I have found this bit of code that nearly does what I want. Basically 3 input fields, I want to copy t2 to t3 as it's typed but only if t1 contains data AND t3 is empty: <input type="text" id="t1" /> <input type="text" id="t2" /> <input type="text" id="t3" /> <script> var t2 =... (4 Replies)
Discussion started by: barrydocks
4 Replies

9. Shell Programming and Scripting

How to write config shell script to pass variables in master shell script?

Dear Unix gurus, We have a config shell script file which has 30 variables which needs to be passed to master unix shell script that invokes oracle database sessions. So those 30 variables need to go through the database sessions (They are inputs) via a shell script. one of the variable name... (1 Reply)
Discussion started by: dba1981
1 Replies

10. Shell Programming and Scripting

How to use JavaScript in UNIX Shell scripting?

I want to navigate through a webpage and save that page in my system local automatically. How can I do that by using JavaScript in a Unix shell script. Any suggestions are welcome! (3 Replies)
Discussion started by: abhi3093
3 Replies

LEARN ABOUT PHP

urlencode

URLENCODE(3)								 1							      URLENCODE(3)

urlencode - URL-encodes string

SYNOPSIS

       string urlencode (string  $str)

DESCRIPTION

	This  function is convenient when encoding a string to be used in a query part of a URL, as a convenient way to pass variables to the next
       page.

PARAMETERS

	      o $str
		- The string to be encoded.

RETURN VALUES

	Returns a string in which all non-alphanumeric characters except -_. have been replaced with a percent ( %) sign followed by two hex  dig-
       its and spaces encoded as plus ( +) signs. It is encoded the same way that the posted data from a WWW form is encoded, that is the same way
       as in application/x-www-form-urlencoded media type. This differs from the RFC 3986 encoding (see rawurlencode(3)) in  that  for	historical
       reasons, spaces are encoded as plus (+) signs.

EXAMPLES

       Example #1

	      urlencode(3) example

	      <?php
	      echo '<a href="mycgi?foo=', urlencode($userinput), '">';
	      ?>

       Example #2

	      urlencode(3) and htmlentities(3) example

	      <?php
	      $query_string = 'foo=' . urlencode($foo) . '&bar=' . urlencode($bar);
	      echo '<a href="mycgi?' . htmlentities($query_string) . '">';
	      ?>

NOTES

       Note

	       Be  careful  about  variables  that  may  match HTML entities. Things like &amp, &copy and &pound are parsed by the browser and the
	      actual entity is used instead of the desired variable name. This is an obvious hassle that the W3C has been telling people about for
	      years. The reference is here: http://www.w3.org/TR/html4/appendix/notes.html#h-B.2.2.

	       PHP  supports  changing	the  argument separator to the W3C-suggested semi-colon through the arg_separator .ini directive. Unfortu-
	      nately most user agents do not send form data in this semi-colon separated format. A more portable way around this is to	use  &amp;
	      instead  of  &  as  the separator. You don't need to change PHP's arg_separator for this. Leave it as &, but simply encode your URLs
	      using htmlentities(3) or htmlspecialchars(3).

SEE ALSO

       urldecode(3), htmlentities(3), rawurlencode(3), rawurldecode(3), RFC 3986.

PHP Documentation Group 													      URLENCODE(3)
All times are GMT -4. The time now is 01:14 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy