Example using: ajax |
fopen()
|
libcurl
Retrieved result goes here
This code:
<?php echo "<html><body>"; echo "Example using: ajax"; echo " | <a href='fopen.php'>fopen()</a>"; echo " | <a href='libcurl.php'>libcurl</a><br>"; echo "<hr>"; echo "<div id='result'>Retrieved result goes here</div>"; ?> <script> // XSS. Storing: // hello</a><img src=bogus onerror=alert(1337)><a href=""> // is an XSS vuln: sanitise text before use. In practice, I only seem to // use .innerHtml for use so either .innerHtml = escapeHtml(unsafe) or // name vars as safe/unsafe and only assign a safe to .innerHtml // // bjornd @ http://stackoverflow.com/questions/6234773/can-i-escape-html-special-chars-in-javascript function escapeHtml(unsafe) { return unsafe .replace(/&/g, "&") .replace(/</g, "<") .replace(/>/g, ">") .replace(/"/g, """) .replace(/'/g, "'"); } //" <-- emacs discolours below unless I terminate the stroke-quote-stroke above var newmark = 'pk-fireexit'; var language = 'en-CA'; var user = 1; // no provision made for detecting errors var xhReq = new XMLHttpRequest(); // https://rest.mpsvr.com/xlates/1/Hello,-world/en-CA/anonymous/2311 xhReq.open("GET", "https://rest.mpsvr.com/xlates/7/xkcd-red-rover-el4/en-CA/anonymous/228", false); xhReq.setRequestHeader('Authorization', 'Basic dGVzdDA1OnRlc3Q='); xhReq.setRequestHeader('X-APIKey', '798e31c43d6b9f03aa504a6f88cb4550'); xhReq.setRequestHeader('Accept', 'application/json'); xhReq.send(null); var serverResponse = xhReq.responseText; if (xhReq.status === '200') { var display = JSON.parse(serverResponse); } else { var display = xhReq.responseText; } document.getElementById('result').innerHTML = escapeHtml(display); </script> <?php echo "<hr>"; $code = htmlentities(file_get_contents("ajaxxy.php")); echo "<br>This code:<br><textarea cols=100 rows=50>"; echo $code; echo "</textarea>"; echo "</body></html>"; ?>