 |
 |
Embedding CGI's in HTML
|
|
|
|
|
Registered User
Join Date: Nov 2001
Location: Jersey
Status:
Offline
|
|
I've got a Perl script that someone else made that runs my counter on macgyvr64.homeftp.net, but now I'm working on another script of my own (that doesn't do counting). <y script returns plain text, and I'd like to use it in an HTML page, but <BLOCKQUOTE><font size="1"face="Geneva, Verdana, Arial">code:</font><HR><pre><font size=1 face=courier><!--#exec cgi=<font color = red>"script.cgi"</font>--></font>[/code] doesn't work. Yet if I put in the line <BLOCKQUOTE><font size="1"face="Geneva, Verdana, Arial">code:</font><HR><pre><font size=1 face=courier>print <font color = red>"Content-Type: text/plain\n"</font>;</font>[/code] and point my browser at the script, it returns the proper results. How do I get the results INTO the web page (without having the script output the page itself)?
|
|
|
| |
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Jun 2001
Location: Melbourne, Australia
Status:
Offline
|
|
I've just had EXACTLY the same problem with a news CGI application. The instructions say to use the SSI <!--#include --> directive, but the client's ISP doesn't allow it. But they support CGI, so go figure. 
Anyway, the only way I've found - and it seems fairly solid - is to link to the CGI script as an external javascript :
<script type="text/javascript" language="javascript" src="your.cgi"></script>
Then, wherever your CGI has the <BLOCKQUOTE><font size="1"face="Geneva, Verdana, Arial">code:</font><HR><pre><font size=1 face=courier>print <font color = red>"something"</font>;</font>[/code] or <BLOCKQUOTE><font size="1"face="Geneva, Verdana, Arial">code:</font><HR><pre><font size=1 face=courier>echo <font color = red>"something"</font>;</font>[/code] command, just modify it to read <BLOCKQUOTE><font size="1"face="Geneva, Verdana, Arial">code:</font><HR><pre><font size=1 face=courier>print <font color = red>"document.write('something')"</font>;</font>[/code]
This way your javascript is actually performing the proper code insertion, but it gets to use dynamic data.
Nifty, eh?
Oh well, perhaps not as nifty as just supporting SSI in the first place 
|
|
Computer thez nohhh...
|
| |
|
|
|
|
|
|
|
Registered User
Join Date: Nov 2001
Location: Jersey
Status:
Offline
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Status:
Offline
|
|
Most ISP's don't allow the #exec tag from SSI (there's even a special option to just disable that particular tag, actually).
The reason is, it's a serious security risk. Let's say, for example, you have a messageboard or guestbook or something similar; basically, something that somebody can post to. Now, let's also say thatt this script doesn't properly check to dismiss comments or other code. All a hacker would have to do is stick an SSI tag into a post, point it at anything on the machine (say, cat /etc/passwd), and he can get at lots of stuff on your machine that you wouldn't want him to see.
I believe, however, that you can use a different SSI tag to the same effect, but more securely. Try this:<BLOCKQUOTE><font size="1"face="Geneva, Verdana, Arial">code:</font><HR><pre><font size=1 face=courier><!--#include virtual=<font color = red>"script.cgi"</font>--></font>[/code]
|
|
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
