
Hey Ken. I looked at the code for that AJAX CRUD thing and I don't recommend
using it. Their demo doesn't filter against XSS and likely SQL injection.
For example, I was able to insert a <script
type="text/javascript">alert('hey');</script>. Use with caution.

http://en.wikipedia.org/wiki/SQL_injection
http://en.wikipedia.org/wiki/Cross-site_scripting


On Thu, May 12, 2011 at 2:38 PM, Madrigal, Juan A <[log in to unmask]> wrote:

> I'd be curious.
>
> Thanks,
>
> Juan Madrigal
>
> Web Developer
> University of Miami
> Richter Library
>
> On 5/12/11 3:56 PM, "Jason Griffey" <[log in to unmask]> wrote:
>
> >We are actually right in the middle of a massive weeding project here
> >at UTC, and my Web Tech librarian, Andrea Schurr (whom some of you
> >probably met at C4L this year) built a really cool system to handle
> >it. We aren't using ajax (although I argued for it, she talked me out
> >of it). However, our project necessitates feedback from subject
> >faculty, so it has the ability to allow for the Chemistry faculty, for
> >example, to review the discard list, mark items to keep, and that list
> >is then further reviewed by Library liaisons to make sure the faculty
> >aren't just telling us to keep everything. :-)
> >
> >It's all pre-populated with our bib data. She's on vacation this week,
> >but the plan is to open-source the setup asap. If anyone is
> >interested, drop me a line and I'll make sure and let you know when we
> >get it up.
> >
> >Jason
> >
> >
> >On Thu, May 12, 2011 at 1:44 PM, Ken Irwin <[log in to unmask]> wrote:
> >> AJAX for slickness and ease of use. We could do form html, but I'd
> >>prefer something that's updated in real time.
> >>
> >> As for the scanner -- my plan was to pre-populate the database from our
> >>OPAC, so we won't need to scan each book individually.
> >>
> >> Ken
> >>
> >> -----Original Message-----
> >> From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of
> >>Dave Caroline
> >> Sent: Thursday, May 12, 2011 11:39 AM
> >> To: [log in to unmask]
> >> Subject: Re: [CODE4LIB] ajaxy CRUD / weeding helper
> >>
> >> Why ajax! just a plain html form
> >> and add a barcode scanner, to pick that books data from the db
> >>
> >> Scan shelf, scan contents, you now have updated list of contents and
> >> books gone awol
> >>
> >> jump to updating page
> >> scan book, update, rinse repeat
> >>
> >>
> >>
> >> Dave Caroline
> >>
>
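The two problems flagged at the top of this thread (a stored title echoed back into the page as raw HTML, and user input spliced into a SQL string) side by side with the fixes, as an added example; this is not code from the AJAX CRUD demo or from anyone in the thread. It uses Python's standard sqlite3 module and a constructed `books` table standing in for the pre-populated weeding list; the table, the handler names and the payload values are assumptions, not the demo's schema or API.

```python
import html
import sqlite3

# Constructed payloads. XSS_PAYLOAD is the script tag from the message above;
# SQLI_PAYLOAD is a classic tautology that closes the quoted string and
# appends an always-true condition.
XSS_PAYLOAD = "<script type=\"text/javascript\">alert('hey');</script>"
SQLI_PAYLOAD = "x' OR '1'='1"


def make_db():
    """Constructed stand-in for a weeding list pre-populated from the OPAC."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT, keep INTEGER DEFAULT 0)"
    )
    conn.executemany(
        "INSERT INTO books (title) VALUES (?)",
        [("Organic Chemistry",), ("Physical Chemistry",), ("Biochemistry",)],
    )
    conn.commit()
    return conn


# --- the way a naive CRUD demo does it (hypothetical, deliberately unsafe) ---

def vulnerable_mark_keep(conn, title):
    """Faculty 'keep this one' action: title is formatted straight into SQL."""
    sql = "UPDATE books SET keep = 1 WHERE title = '%s'" % title
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount  # how many rows the request actually touched


def vulnerable_render_cell(title):
    """Row rendering: whatever was stored is emitted as markup."""
    return "<td>%s</td>" % title


# --- hardened versions ---

def safe_mark_keep(conn, title):
    """Same action with a parameterised query: the title can never become SQL."""
    cur = conn.execute("UPDATE books SET keep = 1 WHERE title = ?", (title,))
    conn.commit()
    return cur.rowcount


def safe_render_cell(title):
    """Same rendering with HTML entity encoding; quote=True also covers attributes."""
    return "<td>%s</td>" % html.escape(title, quote=True)


def demo():
    """Run both variants against the payloads and report what each did."""
    results = {}

    conn = make_db()
    results["vuln_rows_updated"] = vulnerable_mark_keep(conn, SQLI_PAYLOAD)
    conn.close()

    conn = make_db()
    results["safe_rows_updated"] = safe_mark_keep(conn, SQLI_PAYLOAD)
    results["safe_real_title_updated"] = safe_mark_keep(conn, "Organic Chemistry")
    conn.close()

    results["vuln_cell"] = vulnerable_render_cell(XSS_PAYLOAD)
    results["safe_cell"] = safe_render_cell(XSS_PAYLOAD)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The vulnerable update marks every row "keep" from a single request, which is exactly the outcome the liaison review step is meant to prevent; the parameterised version matches nothing for the payload and one row for a genuine title. On the output side, the escaped cell reaches the browser as text, so the demo's `alert('hey')` never runs. An AJAX front end does not change either fix: encode on output (or set `textContent` rather than `innerHTML` client-side) and bind parameters on the server regardless of how the request arrives.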