我的主要目标是使用 python cgi 脚本将 javascript 变量保存到 mysql db。这是 js 变量的内容:
<li style="width: 300px; background-color: white; list-style-image: url(http://champ/images/plus.gif); ">Costco
<input style="float: right; display: none; " type="image" src="/images/next_level.png" alt="Submit button" onclick="newLevel(this)">
<input style="float: right; margin-right: 7px; display: none; " type="image" src="/images/b_add.png" alt="Submit button" onclick="addItem(this)">
<input style="float: right; margin-right: 7px; display: none; " type="image" src="/images/b_edit.png" alt="Submit button" onclick="editItem(this)">
<input style="float: right; margin-right: 7px; display: none; " type="image" src="/images/b_drop.png" alt="Submit button" onclick="delItem(this)">
<ul style="display: none; ">
<li style="width: 300px; background-color: white; cursor: default; list-style-image: none; ">Cheese
<input style="float:right;" type="image" src="/images/next_level.png" alt="Submit button" onclick="newLevel(this)">
<input style="float:right; margin-right: 7px;" type="image" src="/images/b_add.png" alt="Submit button" onclick="addItem(this)">
<input style="float:right; margin-right: 7px" type="image" src="/images/b_edit.png" alt="Submit button" onclick="editItem(this)">
<input style="float:right; margin-right: 7px" type="image" src="/images/b_drop.png" alt="Submit button" onclick="delItem(this)">
</li>
<li style="width: 300px; background-color: white; cursor: default; list-style-image: none; ">Milk
<input style="float:right;" type="image" src="/images/next_level.png" alt="Submit button" onclick="newLevel(this)">
<input style="float:right; margin-right: 7px;" type="image" src="/images/b_add.png" alt="Submit button" onclick="addItem(this)">
<input style="float:right; margin-right: 7px" type="image" src="/images/b_edit.png" alt="Submit button" onclick="editItem(this)">
<input style="float:right; margin-right: 7px" type="image" src="/images/b_drop.png" alt="Submit button" onclick="delItem(this)">
</li>
<li style="width: 300px; cursor: default; list-style-image: none; ">Pretzels
<input style="float:right;" type="image" src="/images/next_level.png" alt="Submit button" onclick="newLevel(this)">
<input style="float:right; margin-right: 7px;" type="image" src="/images/b_add.png" alt="Submit button" onclick="addItem(this)">
<input style="float:right; margin-right: 7px" type="image" src="/images/b_edit.png" alt="Submit button" onclick="editItem(this)">
<input style="float:right; margin-right: 7px" type="image" src="/images/b_drop.png" alt="Submit button" onclick="delItem(this)">
</li>
</ul>
</li>
<li style="width: 300px; background-color: white; list-style-image: url(http://champ/images/plus.gif); ">Walmart
<input style="float: right; display: none; " type="image" src="/images/next_level.png" alt="Submit button" onclick="newLevel(this)">
<input style="float: right; margin-right: 7px; display: none; " type="image" src="/images/b_add.png" alt="Submit button" onclick="addItem(this)">
<input style="float: right; margin-right: 7px; display: none; " type="image" src="/images/b_edit.png" alt="Submit button" onclick="editItem(this)">
<input style="float: right; margin-right: 7px; display: none; " type="image" src="/images/b_drop.png" alt="Submit button" onclick="delItem(this)">
<ul style="display: none; ">
<li style="width: 300px; background-color: white; cursor: default; list-style-image: none; ">Bread
<input style="float:right;" type="image" src="/images/next_level.png" alt="Submit button" onclick="newLevel(this)">
<input style="float:right; margin-right: 7px;" type="image" src="/images/b_add.png" alt="Submit button" onclick="addItem(this)">
<input style="float:right; margin-right: 7px" type="image" src="/images/b_edit.png" alt="Submit button" onclick="editItem(this)">
<input style="float:right; margin-right: 7px" type="image" src="/images/b_drop.png" alt="Submit button" onclick="delItem(this)">
</li><li style="width: 300px; background-color: white; cursor: default; list-style-image: none; ">Bannanas
<input style="float:right;" type="image" src="/images/next_level.png" alt="Submit button" onclick="newLevel(this)">
<input style="float:right; margin-right: 7px;" type="image" src="/images/b_add.png" alt="Submit button" onclick="addItem(this)">
<input style="float:right; margin-right: 7px" type="image" src="/images/b_edit.png" alt="Submit button" onclick="editItem(this)">
<input style="float:right; margin-right: 7px" type="image" src="/images/b_drop.png" alt="Submit button" onclick="delItem(this)">
</li><li style="width: 300px; background-color: white; cursor: default; list-style-image: none; ">Cereal
<input style="float:right;" type="image" src="/images/next_level.png" alt="Submit button" onclick="newLevel(this)">
<input style="float:right; margin-right: 7px;" type="image" src="/images/b_add.png" alt="Submit button" onclick="addItem(this)">
<input style="float:right; margin-right: 7px" type="image" src="/images/b_edit.png" alt="Submit button" onclick="editItem(this)">
<input style="float:right; margin-right: 7px" type="image" src="/images/b_drop.png" alt="Submit button" onclick="delItem(this)">
</li><li style="width: 300px; background-color: white; cursor: default; list-style-image: none; ">Tortillas
<input style="float:right;" type="image" src="/images/next_level.png" alt="Submit button" onclick="newLevel(this)">
<input style="float:right; margin-right: 7px;" type="image" src="/images/b_add.png" alt="Submit button" onclick="addItem(this)">
<input style="float:right; margin-right: 7px" type="image" src="/images/b_edit.png" alt="Submit button" onclick="editItem(this)">
<input style="float:right; margin-right: 7px" type="image" src="/images/b_drop.png" alt="Submit button" onclick="delItem(this)">
如您所见,我正在尝试将我的购物清单保存到数据库中。据我了解跨站点脚本过滤器问题,当您通过 http post 方法发送 js 然后通过 http 响应返回相同的代码时会出现问题。也许我误解了这个问题,因为我在这段代码中没有看到任何 js,是吗?
所以我希望将这个js变量的内容写入一个隐藏的输入表单元素并提交表单:
function saveList()
{
var list = $('ul').html();
document.getElementById("html_passed").value = list;
document.forms["editsForm"].submit();
}
这是表单定义:
<form name="editsForm" action="/cgi-bin/todo2.py" method="post">
...
<input id="html_passed" type="hidden" name="html_passed">
...
</form>
然后在执行python cgi脚本(todo2.py)时读取这个表单元素的值:
form = cgi.FieldStorage()
if form.keys() != []:
if 'html_passed' in form.keys():
然后通过 MySQLdb 将这段代码放在一个 mysql db 中。但是,当我尝试阅读表单内容时,form = cgi.FieldStorage()
我在 webkit 控制台中收到以下错误:
Refused to execute a JavaScript script. Source code of script found within request.
所以,我有点卡住了。我找到了一些关于跨站点脚本解决方法的信息,但我不知道如何在 python 中发送非标准 HTTP 标头,或者是否可以完成。我看到它可以在 php 中完成header("X-XSS-Protection: 0");
。但是,如果有其他方法可以解决此问题,我宁愿不要搞砸。任何想法将不胜感激。谢谢。