Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

Re^2: Pass hard coded param CGI post

by jcb (Vicar)
on Jun 29, 2020 at 23:42 UTC ( #11118686=note: print w/replies, xml ) Need Help??


in reply to Re: Pass hard coded param CGI post
in thread Pass hard coded param CGI post

this pattern of HTML form + cgi processor is inferior to using a modern JavaScript async call to send the data to a RESTful API endpoint (like /cgi-bin/rob/gfgf with method=DELETE, encoded as application/json

I do have to stop and take issue with this. A key principle on the Web is graceful degradation. Nearly all interactive browsers support forms, including such oddballs as Lynx and other curses-based browsers that do not require a graphical display. You can have a fancy JavaScript frontend, but you should still have basic forms — perhaps the CGI form processor translates the form submission to a RESTful request — for browsers that do not support JavaScript and users that choose not to run JavaScript.

That last note is a legitimate choice no matter how many hipster Web developers whine about it — nearly all client-side Web security exploits in the modern era have depended 100% on JavaScript to run. Disabling JavaScript is very much legitimate security advice, unless of course you want your files ransomwared.

Replies are listed 'Best First'.
Re^3: Pass hard coded param CGI post
by Anonymous Monk on Jun 30, 2020 at 01:19 UTC
    nearly all client-side Web security exploits in the modern era have depended 100% on JavaScript to run[citation needed]

      Then provide some counterexamples. Even Internet Explorer (as far as I know, the only browser to ever be exploitable with only plain HTML) had those problems only in the late 1990s. All of the recent exploits I remember off the top of my head have been JavaScript JIT bugs.

        Just dog piling IE: it was exploitable at one time or another in every conceivable way, including a character set attack.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://11118686]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (6)
As of 2020-09-22 01:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    If at first I donít succeed, I Ö










    Results (127 votes). Check out past polls.

    Notices?