<p>If you're using Dojo, it might be worth looking at the <code>dojox/layout/ContentPane</code> module (<a href="http://dojotoolkit.org/reference-guide/1.9/dojox/layout/ContentPane.html" rel="nofollow">reference guide</a>). It's quite similar to the <code>dijit/layout/ContentPane</code> variant but with one special extension: it allows executing the JavaScript on that page (using <code>eval()</code>).</p>
<p>So if you don't want to do all that work by yourself, you could do something like:</p>
<pre class="lang-html prettyprint-override"><code>&lt;div data-dojo-type="dojox/layout/ContentPane" data-dojo-props="href: myXhrUrl, executeScripts: true"&gt;&lt;/div&gt; </code></pre>
<p>If you're concerned about it being a <strong>DojoX</strong> module (DojoX will disappear in Dojo 2.0), the module is labeled as <strong>maintained</strong>, so it has a higher chance of being integrated in <code>dijit</code> in later versions.</p>
<hr>
<p>As an answer to your <code>eval()</code> safety question (in comments). Well, it's allowed of course, else they wouldn't have such a function called <code>eval()</code>. But indeed, it's less secure; the reason for this is that the client in fact trusts the server and executes everything the server sends to the client.</p>
<p>Normally, there are no problems unless the server sends malicious content (this could be due to an issue on your server or man-in-the-middle attacks), which will be executed, thus causing an XSS vulnerability.</p>
<p>In the ideal world the server only sends data and the client interprets this data and renders it by itself. In this design, the client only trusts data from the server, so no malicious logic can be executed (so there will be no XSS vulnerability).</p>
<p>It's unlikely that it will happen and the ideal world solution is not even possible in many cases since the initial page request (loading your webpage) is in fact a similar scenario where the client executes whatever the server sends.</p>
<p>Web application security is not about being 100% safe (it's impossible), but about trying to create as few open doors as possible that can be used by hackers. It's up to you what you consider safe and to verify if the "ideal world" solution is possible in this specific scenario (it might not be, or it might take too much time compared to the other solution).</p>
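<p>The "server only sends data" design described in the answer above, as an added example that is not part of the original answer or of Dojo: the endpoint returns JSON, and the client validates it and builds the markup itself, inserting server values only as escaped text. The payload shape and the function names <code>escapeHtml</code>, <code>parsePayload</code> and <code>renderPane</code> are assumptions made for illustration.</p>

```javascript
// Added example: data-only rendering instead of executing server-supplied script.
// Assumed payload shape: { title: string, items: [{ author: string, text: string }] }

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Neutralise every character that could open a tag, attribute or entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Parse and validate the response; anything that is not the expected plain data is rejected.
function parsePayload(jsonText) {
  const data = JSON.parse(jsonText); // JSON.parse never executes code, unlike eval()
  if (data === null || typeof data !== 'object' ||
      typeof data.title !== 'string' || !Array.isArray(data.items)) {
    throw new TypeError('unexpected payload shape');
  }
  for (const item of data.items) {
    if (item === null || typeof item !== 'object' ||
        typeof item.author !== 'string' || typeof item.text !== 'string') {
      throw new TypeError('unexpected item shape');
    }
  }
  return data;
}

// The client owns the markup; server values are only ever inserted as escaped text.
function renderPane(jsonText) {
  const data = parsePayload(jsonText);
  const rows = data.items
    .map((i) => `<li><b>${escapeHtml(i.author)}</b>: ${escapeHtml(i.text)}</li>`)
    .join('');
  return `<h2>${escapeHtml(data.title)}</h2><ul>${rows}</ul>`;
}

// Constructed sample response: one field carries markup that would run as script
// if the same content were loaded as HTML with executeScripts: true.
const sample = JSON.stringify({
  title: 'Comments',
  items: [
    { author: 'alice', text: 'Looks good' },
    { author: 'bob', text: '<script>window.flag = 1</script>' },
  ],
});

console.log(renderPane(sample));
```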