FAQ
Hi All,
I've a situation where I create a hash variable in PERL and
use it in Java script which is embedded in the CGI. The key for that
hash is taken from JavaScript. For ex:

----- CGI code----
my %hash{3}=300;
------JScript code---
var var1 = 3;
var variable = $hash{var1};
------------------------
When I run such a script, it is failing at the 3rd
statement above. Can someone help me in resolving this?

Search Discussions

  • Shlomi Fish at Feb 2, 2010 at 11:47 am
    Hi Venu!
    On Tuesday 02 Feb 2010 09:19:27 venu madhav wrote:
    Hi All,
    I've a situation where I create a hash variable in PERL and
    use it in Java script which is embedded in the CGI. The key for that
    hash is taken from JavaScript. For ex:
    Regarding "PERL" - it's either "perl" or "Perl" but never "PERL":

    http://perl.org.il/misc.html#pl_vs_pl
    ----- CGI code----
    my %hash{3}=300;
    That's invalid Perl and you probably mean:

    <<<
    my %hash = (3 => 300);
    >>>

    Or alternatively:

    <<<
    my %hash;
    $hash{3} = 300;
    >>>
    ------JScript code---
    var var1 = 3;
    var variable = $hash{var1};
    That's invalid JavaScript. You need hash[var1];
    ------------------------
    When I run such a script, it is failing at the 3rd
    statement above. Can someone help me in resolving this?
    Please go to http://perl-begin.org/ and find a good resource to learn Perl. To
    qoute Mark Jason Dominus "You can't just make shit up and expect the computer
    to magically understand what you mean, retardo!".

    You can look at JSON to pass data from your Perl scripts to your JavaScript
    code:

    http://search.cpan.org/search?query=json&mode=all

    Regards,

    Shlomi Fish

    --
    -----------------------------------------------------------------
    Shlomi Fish http://www.shlomifish.org/
    Interview with Ben Collins-Sussman - http://shlom.in/sussman

    Deletionists delete Wikipedia articles that they consider lame.
    Chuck Norris deletes deletionists whom he considers lame.

    Please reply to list if it's a mailing list post - http://shlom.in/reply .
  • Erez Schatz at Feb 2, 2010 at 12:01 pm

    On 2 February 2010 13:46, Shlomi Fish wrote:

    Regarding "PERL" - it's either "perl" or "Perl" but never "PERL":

    http://perl.org.il/misc.html#pl_vs_pl
    What does have got to do with the question?
    Please go to http://perl-begin.org/ and find a good resource to learn Perl. To
    qoute Mark Jason Dominus "You can't just make shit up and expect the computer
    to magically understand what you mean, retardo!".
    Is there a good reason why you feel that insulting people is a good
    way to answer? If you have no other solution for an OP rather than
    posting a link to one of your sites and insulting them, I suggest you
    refrain from sending that reply, it is not helping.

    --
    Erez

    "The government forgets that George Orwell's 1984 was a warning, and
    not a blueprint"
    http://www.nonviolent-conflict.org/ -- http://www.whyweprotest.org/
  • Shlomi Fish at Feb 2, 2010 at 1:04 pm

    On Tuesday 02 Feb 2010 14:00:26 Erez Schatz wrote:
    On 2 February 2010 13:46, Shlomi Fish wrote:
    Regarding "PERL" - it's either "perl" or "Perl" but never "PERL":

    http://perl.org.il/misc.html#pl_vs_pl
    What does have got to do with the question?
    It doesn't, but it was a mistake that indicated ignorance and the right thing
    to do was to correct it so they won't make the mistake again.
    Please go to http://perl-begin.org/ and find a good resource to learn
    Perl. To qoute Mark Jason Dominus "You can't just make shit up and
    expect the computer to magically understand what you mean, retardo!".
    Is there a good reason why you feel that insulting people is a good
    way to answer?
    Sorry, I may still have been in a bad mood from earlier. In any case, this
    quote was right on the mark in this case, as the OP was obviously inventing
    syntax.
    If you have no other solution for an OP rather than
    posting a link to one of your sites and insulting them, I suggest you
    refrain from sending that reply, it is not helping.
    My reply also contained a factual answer why what they tried did not work and
    how to remedy it (you trimmed it in your reply). And http://perl-begin.org/ ,
    while being one of my sites, is nevertheless exactly what the OP needs at this
    point.

    I may have insulted them and I apologise for that (although I was quoting an
    old joke from MJD), but my response was still helpful.

    Regards,

    Shlomi Fish

    --
    -----------------------------------------------------------------
    Shlomi Fish http://www.shlomifish.org/
    Interview with Ben Collins-Sussman - http://shlom.in/sussman

    Deletionists delete Wikipedia articles that they consider lame.
    Chuck Norris deletes deletionists whom he considers lame.

    Please reply to list if it's a mailing list post - http://shlom.in/reply .
  • Erez Schatz at Feb 2, 2010 at 12:12 pm

    On 2 February 2010 09:19, venu madhav wrote:

    I've a situation where I create a hash variable in PERL and
    use it in Java script which is embedded in the CGI. The key for that
    hash is taken from JavaScript. For ex:

    ----- CGI code----
    my %hash{3}=300;
    ------JScript code---
    var var1 = 3;
    var variable = $hash{var1};
    ------------------------
    At the creation of the CGI document, you can embed elements from the
    Perl code in the site. In essence, what you may want to do is
    print '<script type="text/javascript>';
    print "var variable=$hash{3};";

    which would interpolate into whatever value is there at the hash.
    However, if the "var1" variable is changing at the client, you will
    need to send the value back to the server if you want to get an answer
    from the Perl hash.

    In order for us to supply you with a better, more correct, answer, I
    recommend you send us more information regarding both the nature of
    your question, as well as the actual code that revolves around these
    lines. (i.e. more context).

    --
    Erez

    "The government forgets that George Orwell's 1984 was a warning, and
    not a blueprint"
    http://www.nonviolent-conflict.org/ -- http://www.whyweprotest.org/
  • Shlomi Fish at Feb 2, 2010 at 1:07 pm

    On Tuesday 02 Feb 2010 14:12:01 Erez Schatz wrote:
    On 2 February 2010 09:19, venu madhav wrote:
    I've a situation where I create a hash variable in PERL and
    use it in Java script which is embedded in the CGI. The key for that
    hash is taken from JavaScript. For ex:

    ----- CGI code----
    my %hash{3}=300;
    ------JScript code---
    var var1 = 3;
    var variable = $hash{var1};
    ------------------------
    At the creation of the CGI document, you can embed elements from the
    Perl code in the site. In essence, what you may want to do is
    print '<script type="text/javascript>';
    print "var variable=$hash{3};";
    Ahmm... no. What if someone does this:

    <<<
    my %hash = (3 => <<"EOF");
    </script>
    <script type="text/javascript">
    <!--- Insert nasty JS here --->
    </script>
    <img src="spammer stuff."...
    >>>

    This is called a cross-site scripting attack (
    http://en.wikipedia.org/wiki/Cross-site_scripting ) and is very serious.
    Please use a good JSON module to pass and encode data to JavaScript.

    Regards,

    Shlomi Fish
    which would interpolate into whatever value is there at the hash.
    However, if the "var1" variable is changing at the client, you will
    need to send the value back to the server if you want to get an answer
    from the Perl hash.

    In order for us to supply you with a better, more correct, answer, I
    recommend you send us more information regarding both the nature of
    your question, as well as the actual code that revolves around these
    lines. (i.e. more context).
    --
    -----------------------------------------------------------------
    Shlomi Fish http://www.shlomifish.org/
    "Humanity" - Parody of Modern Life - http://shlom.in/humanity

    Deletionists delete Wikipedia articles that they consider lame.
    Chuck Norris deletes deletionists whom he considers lame.

    Please reply to list if it's a mailing list post - http://shlom.in/reply .
  • Erez Schatz at Feb 2, 2010 at 1:21 pm

    On 2 February 2010 15:06, Shlomi Fish wrote:
    Ahmm... no.
    Are you physically unable to say anything in a social manner?
    <<<
    my %hash = (3 => <<"EOF");
    </script>
    <script type="text/javascript">
    <!--- Insert nasty JS here --->
    </script>
    <img src="spammer stuff."...
    This is called a cross-site scripting attack (
    http://en.wikipedia.org/wiki/Cross-site_scripting ) and is very serious.
    If someone accessed my server, and rewrote my CGI script, I probably
    don't need to worry about cross-side scripting attacks. As it is, I
    specifically mentioned that this can be used to pass variables from
    Perl to the html document. For the other way, I asked for the OP to
    supply us with more information.
    Please use a good JSON module to pass and encode data to JavaScript.
    No need to plead, and even so, there are other ways of passing data to
    either side; however, this is a beginner-level plain CGI question,
    which is a few levels lower than the point you are trying to make.

    --
    Erez

    "The government forgets that George Orwell's 1984 was a warning, and
    not a blueprint"
    http://www.nonviolent-conflict.org/ -- http://www.whyweprotest.org/
  • Shlomi Fish at Feb 2, 2010 at 3:56 pm
    Hi Erez!
    On Tuesday 02 Feb 2010 15:20:16 Erez Schatz wrote:
    On 2 February 2010 15:06, Shlomi Fish wrote:
    Ahmm... no.
    Are you physically unable to say anything in a social manner?
    I apologise for writing my posts in a rude manner. See below for my response.
    <<<
    my %hash = (3 => <<"EOF");
    </script>
    <script type="text/javascript">
    <!--- Insert nasty JS here --->
    </script>
    <img src="spammer stuff."...
    This is called a cross-site scripting attack (
    http://en.wikipedia.org/wiki/Cross-site_scripting ) and is very serious.
    If someone accessed my server, and rewrote my CGI script, I probably
    don't need to worry about cross-side scripting attacks. As it is, I
    specifically mentioned that this can be used to pass variables from
    Perl to the html document. For the other way, I asked for the OP to
    supply us with more information.
    You're right that in this case one will have bigger problems. However, telling
    beginners that they should simply interpolate variables into the HTML may lead
    them into thinking this is always the right thing to do, including in cases
    where it is a function of user-input. And then you have thousands of scripts
    written by beginners with XSS vulnerabilities.

    I believe prevention is better than the cure and that we should instruct
    newcomers on the proper way to write safe Perl code. Here are a few resources
    for that:

    1. http://perl-begin.org/ .

    2. http://perl-begin.org/uses/web/ .

    3. http://jdporter.perlmonk.org/cgi_course/ .

    4. http://community.livejournal.com/shlomif_tech/35301.html - "Code/Markup
    Injection and Its Prevention".
    Please use a good JSON module to pass and encode data to JavaScript.
    No need to plead, and even so, there are other ways of passing data to
    either side;
    Well, if you are going to assign to a JavaScript variable, you should use
    JSON.
    however, this is a beginner-level plain CGI question,
    which is a few levels lower than the point you are trying to make.
    It is still instructive to instruct beginners on the dangers of code/markup
    injection.

    Regards,

    Shlomi Fish

    --
    -----------------------------------------------------------------
    Shlomi Fish http://www.shlomifish.org/
    Stop Using MSIE - http://www.shlomifish.org/no-ie/

    Deletionists delete Wikipedia articles that they consider lame.
    Chuck Norris deletes deletionists whom he considers lame.

    Please reply to list if it's a mailing list post - http://shlom.in/reply .
  • Peter Scott at Feb 7, 2010 at 3:28 pm

    On Mon, 01 Feb 2010 23:19:27 -0800, venu madhav wrote:

    Hi All,
    I've a situation where I create a hash variable in PERL and
    use it in Java script which is embedded in the CGI. The key for that
    hash is taken from JavaScript. For ex:

    ----- CGI code----
    my %hash{3}=300;
    ------JScript code---
    var var1 = 3;
    var variable = $hash{var1};
    ------------------------
    When I run such a script, it is failing at the 3rd
    statement above. Can someone help me in resolving this?
    No, your error is on the first line above. It has a syntax error and does
    not compile.

    Get your program running from the command line first and check the
    JavaScript output by hand to see whether it wrote out what you thought
    it should. Then put that output into a static page and check that your
    browser loads and execute it correctly. You are not ready to take all
    these steps at once.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupbeginners @
categoriesperl
postedFeb 2, '10 at 7:20a
activeFeb 7, '10 at 3:28p
posts9
users4
websiteperl.org

People

Translate

site design / logo © 2022 Grokbase