Leser: 23
2010-06-28T15:52:33 reneeedit2: Aber eigentlich würde ich das eher über ein Template-System lösen als mit CGI.pm
1
2
3
4
5
6
7
8
9
10
11
$template->params(
mein_popup => $cgi->popup_menu (
-name => $feldname,
-id => $feldname,
-values => \@Values,
-labels => \%Labels,
-onChange => $onchange,
-default => $default,
-attributes => \%attributes,
),
);
2010-06-29T09:46:48 reneeAber wenn Du für Dich selbst entschieden hast, das so zu machen, dann ist das auch ok TIMTOWTDI ;-)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
#!/usr/bin/perl use strict; use warnings; use HTML::Template::Compiled; my $bad_userinput = "<script>alert('test');</script>"; my $options = [ { value => 1, label => 'option 1' }, { value => 2, label => 'option 2' }, ]; my $template = HTML::Template::Compiled->new( filename => 'test.tmpl', default_escape => 'html', ); $template->params( bad_userinput => $bad_userinput, options => $options, ); print $template->output;
1 2 3 4 5 6 7 8 9
<html> <body> <p>Boese Benutzereingabe: <%= bad_userinput %></p> <select> <%LOOP options %><option value="<%= value %>"><%= label %></option> <%/LOOP %> </select> </body> </html>
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
#!/usr/bin/perl use strict; use warnings; use CGI; use HTML::Entities; my $bad_userinput = "<script>alert('test');</script>"; my %options = ( 'option 1' => 1, 'option 2' => 2, ); my $escaped_input = encode_entities( $bad_userinput ); print CGI->start_html() . CGI->p( 'Boese Benutzereingabe ' . $escaped_input ) . CGI->popup_menu( -values => [ keys %options ], -labels => \%options, ) . CGI->end_html();
1 2 3 4 5 6 7 8 9 10
... my %options = ( 'option 1' => 1, 'option 2' => 2, ); ... $template->param( options => \%options ); ...
1 2 3 4 5
<select> <%EACH options %> <option value="<%= __value__ %>"><%= __key__ %></option> <%/EACH options %> </select>
1 2 3 4 5 6
$htc->param( arrayref => [ 'opt_2', # selected ['opt_1', 'option 1'], ['opt_2', 'option 2'], ], );
1
2
3
4
<select>
<option value="opt_1">option 1</option>
<option value="opt_2" selected="selected">option 2</option>
</select>