
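How can I ask the user for some data (some fields can be modified later), store it in the database, and then display some of the collected data to site users, so that not all of the db contents are exposed in the page source?

Here is a complete example; after the page is reloaded, all the data is visible in the page source: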

import stdlib.crypto

type user= {md5sum: string; name: string; email: string; is_achy: bool }
db /users : stringmap(user);
db /users[_]/is_achy = {false}

setup_page()=
(
  <div id=#users>
    <div class="container">
    <table id=#lista >
    <tr>
      <th>Name</th>      
      <th>Headache?</th>      
    </tr>
    {list_db()}    
    </table>
    </div>
  </div>
  <div class="container">
    <p>
    Not on the list? Add it here.
    </p>
    <p>
    <input id=#username value="default"/>
    <input id=#email_address value="default@def.ault"/>
    <input type="button" value="Add" onclick={_ -> add_user()} />
    </p>
  </div>
)

list_db()=
(  
  List.map(
    users -> <tr> <th>{users.name}</th> <th><input type="checkbox" id=#{users.md5sum} onclick={_ -> is_achy(users.md5sum)}/></th></tr>, StringMap.To.val_list(/users)
  )
)

add_user() =
(
  name = Dom.get_value(#username)
  md5sum = Crypto.Hash.md5(name)
  email = Dom.get_value(#email_address)  
  if name != "" then 
    do /users[md5sum] <- {~md5sum ~name ~email is_achy=false}
  Dom.transform([{Dom.select_body()} <- setup_page()])
)

is_achy(md5sum) =
(
  /users[md5sum]/is_achy <- Dom.is_checked(Dom.select_id(md5sum))

)

server = one_page_server("Achy head?", setup_page)

1 Answer

I'm running under the assumption that what you are upset about is that the emails are visible in the sources, as all the other data you are displaying, so it's hardly a surprise that they are ending up on the client.

Why do the emails make it to the client? I thought that marking the list_db function as server-side would resolve that but it's not the case and to be honest, I'm not sure why. I'll have to do a bit more digging or try to ask somebody better informed than I am. A simple (though not very satisfactory) work-around would be to make a function that projects the user type into something that is needed for the rendering in the browser and to make this projection on the server. It could look something like this:

@server users_data() =
(
  StringMap.map(user -> {md5sum=user.md5sum; name=user.name; is_achy=user.is_achy}, /users)
  |> StringMap.To.val_list
)

list_db()=
(
  render_user(user) =
    <tr>
      <th>{user.name}</th>
      <th><input type="checkbox" id=#{user.md5sum} onclick={_ -> is_achy(user.md5sum)}/></th>
    </tr>
  List.map(render_user, users_data())
)

You will see that now the emails don't "leak" into the client. I'll try to come up with a better answer though...

answered 2011-10-31T21:35:57.817
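The server-side projection from the answer, generalized to an allow-list plus a check on the payload that is about to reach the browser. This is an added example in JavaScript rather than Opa, not code from the question or the answer; `PUBLIC_FIELDS`, `publicView`, `findLeaks`, the `usersData` signature and the sample records are assumptions made for illustration.

```javascript
// Constructed sample records shaped like the page's `user` type (keys are placeholders).
const users = {
  "md5-placeholder-1": { md5sum: "md5-placeholder-1", name: "alice",
                         email: "alice@example.test", is_achy: false },
  "md5-placeholder-2": { md5sum: "md5-placeholder-2", name: "bob",
                         email: "bob@example.test", is_achy: true },
};

// Fields the browser needs to render the table. Anything not listed stays on
// the server, so a field added to the record later is private by default.
const PUBLIC_FIELDS = ["md5sum", "name", "is_achy"];

// Server-side projection: copy only the allow-listed fields.
function publicView(user) {
  const out = {};
  for (const field of PUBLIC_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(user, field)) out[field] = user[field];
  }
  return out;
}

// Equivalent of the answer's users_data(): the list that is sent to the client.
function usersData(db) {
  return Object.values(db).map(publicView);
}

// Regression check: list every private key, and every non-empty private string
// value, that shows up in the serialized payload.
function findLeaks(payload, db) {
  const text = JSON.stringify(payload);
  const leaks = new Set();
  for (const user of Object.values(db)) {
    for (const [key, value] of Object.entries(user)) {
      if (PUBLIC_FIELDS.includes(key)) continue;
      if (text.includes(JSON.stringify(key) + ":")) leaks.add("key:" + key);
      if (typeof value === "string" && value !== "" && text.includes(value)) {
        leaks.add("value:" + value);
      }
    }
  }
  return [...leaks].sort();
}

// Before: whole records go to the client. After: only the projection does.
console.log("full records:", findLeaks(Object.values(users), users));
console.log("projection:  ", findLeaks(usersData(users), users));
```

Running `findLeaks` against the rendered payload in a test catches the case where a later change starts passing full records to the client again.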