Fix broken secret-detection algorithm, making anonymous users vulnerable.
[csrf-magic.git] / js-test / yui.php
blob53d227c14bcf1ca7fa0dd9f242c8a0567af59810
1 <?php require_once 'common.php'; ?>
2 <!DOCTYPE html
3 PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN
4 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
5 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
6 <head>
7 <title>Yahoo! UI library test page for csrf-magic</title>
8 <?php
9 $locs = array();
10 $locs[] = print_javascript('yui/build/yahoo/yahoo', 'http://yui.yahooapis.com/3.0.0pr1/build/yahoo/yahoo.js');
11 $locs[] = print_javascript('yui/build/event/event', 'http://yui.yahooapis.com/3.0.0pr1/build/event/event.js');
12 $locs[] = print_javascript('yui/build/connection/connection', 'http://yui.yahooapis.com/3.0.0pr1/build/connection/connection.js');
14 </head>
15 <body>
16 <h1>Yahoo! UI library test page for csrf-magic</h1>
17 <p>Using <?php echo implode(', ', $locs); ?></p>
18 <textarea id="js-output" cols="80" rows="4"></textarea>
19 <script type="text/javascript">
20 //<![CDATA[
21 var textarea = document.getElementById('js-output');
22 textarea.value = "YUI " + YAHOO.VERSION + "\n";
23 var callback = {success: function (transport) {
24 textarea.value += transport.responseText;
26 var transaction = YAHOO.util.Connect.asyncRequest('POST', 'yui.php', callback, 'ajax=yes&foo=bar');
27 //]]>
28 </script>
29 </body>
30 </html>