Passing values from a DIV element to an input
I think the best way is to use data attributes for both. You have one data attribute with the formatted date and one data attribute with the date you want for the backend.
When a user clicks the date, you simply put the formatted date into a normal input and the value you need for the backend into a hidden field.
HTML
<div class="date" data-value='13032015' data-formatted="13th March 2015" id='date13'>13</div>
<div class="date" data-value='14032015' data-formatted="14th March 2015" id='date14'>14</div>
<div class="date" data-value='15032015' data-formatted="15th March 2015" id='date15'>15</div>
<input type='text' value='' name='dateA' id='dateF'>
<input type='hidden' value='' name='dateA' id='dateD'>
Javascript/jQuery
var date = $('.date');
var inputD = $('#dateD');
var inputF = $('#dateF');
date.on('click', function(){
    var valueD = $(this).data('value');
    var valueF = $(this).data('formatted');
    inputD.val(valueD);
    inputF.val(valueF);
    console.log(valueD);
});
a href tag to place a link
You can use links to submit hidden forms, if that's what you're asking.
<a href="#" onclick="submitForm('secretData')">Click Me</a>
<form id="secretData" method="post" action="foo.php" style="display:none">
    <input type="hidden" name="foo" value="bar" />
</form>
<script type="text/javascript">
    function submitForm(formID) {
        document.getElementById(formID).submit();
    }
</script>
TypeError: Functionname is not a function at HTMLButtonElement.onClick
function namecaller() {
    var a = "scurvy";
    var b = "dog";
    document.getElementById("content").innerHTML = "You are a " + a + " " + b;
}
<div id="content"></div>
<button type="button" onclick="namecaller()"> You are a...</button>
How does Content Security Policy (CSP) work?
The Content-Security-Policy meta-tag allows you to reduce the risk of XSS attacks by allowing you to define where resources can be loaded from, preventing browsers from loading data from any other locations. This makes it harder for an attacker to inject malicious code into your site.
I banged my head against a brick wall trying to figure out why I was getting CSP errors one after another, and there didn't seem to be any concise, clear instructions on just how it works. So here's my attempt at explaining some points of CSP briefly, mostly concentrating on the things I found hard to solve.
For brevity I won't write the full tag in each sample. Instead I'll only show the content property, so a sample that says content="default-src 'self'" means this:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
1. How can I allow multiple sources?
You can simply list your sources after a directive as a space-separated list:
content="default-src 'self' https://example.com/js/"
Note that there are no quotes around parameters other than the special ones, like 'self'. Also, there's no colon (:) after the directive. Just the directive, then a space-separated list of parameters.
Everything below the specified parameters is implicitly allowed. That means that in the example above these would be valid sources:
https://example.com/js/file.js
https://example.com/js/subdir/anotherfile.js
These, however, would not be valid:
http://example.com/js/file.js
^^^^ wrong protocol
https://example.com/file.js
^^ above the specified path
2. How can I use different directives? What do they each do?
The most common directives are:
default-src - the default policy for loading javascript, images, CSS, fonts, AJAX requests, etc
script-src - defines valid sources for javascript files
style-src - defines valid sources for css files
img-src - defines valid sources for images
connect-src - defines valid targets for XMLHttpRequest (AJAX), WebSockets or EventSource. If a connection attempt is made to a host that's not allowed here, the browser will emulate a 400 error
There are others, but these are the ones you're most likely to need.
3. How can I use multiple directives?
You define all your directives inside one meta-tag by terminating them with a semicolon (;):
content="default-src 'self' https://example.com/js/; style-src 'self'"
4. How can I handle ports?
Everything but the default ports needs to be allowed explicitly by adding the port number or an asterisk after the allowed domain:
content="default-src 'self' https://ajax.googleapis.com http://example.com:123/free/stuff/"
The above would result in:
https://ajax.googleapis.com:123
^^^^ Not ok, wrong port
https://ajax.googleapis.com - OK
http://example.com/free/stuff/file.js
^^ Not ok, only the port 123 is allowed
http://example.com:123/free/stuff/file.js - OK
As I mentioned, you can also use an asterisk to explicitly allow all ports:
content="default-src example.com:*"
5. How can I handle different protocols?
By default, only standard protocols are allowed. For example, to allow WebSockets ws:// you will have to allow it explicitly:
content="default-src 'self'; connect-src ws:; style-src 'self'"
^^^ WebSockets are now allowed on all domains and ports.
6. How can I allow the file protocol file://?
If you try to define it as such, it won't work. Instead, you'll allow it with the filesystem parameter:
content="default-src filesystem"
7. How can I use inline scripts and style definitions?
Unless explicitly allowed, you can't use inline style definitions, code inside <script> tags or in tag properties like onclick. You allow them like so:
content="script-src 'unsafe-inline'; style-src 'unsafe-inline'"
You'll also have to explicitly allow inline, base64 encoded images:
content="img-src data:"
8. How can I allow eval()?
I'm sure many people would say that you don't, since 'eval is evil' and the most likely cause for the impending end of the world. Those people would be wrong. Sure, you can definitely punch major holes into your site's security with eval, but it has perfectly valid use cases. You just have to be smart about using it. You allow it like so:
content="script-src 'unsafe-eval'"
9. What exactly does 'self' mean?
You might take 'self' to mean localhost, local filesystem, or anything on the same host. It doesn't mean any of those. It means sources that have the same scheme (protocol), same host, and same port as the file the content policy is defined in. Serving your site over HTTP? No https for you then, unless you define it explicitly.
I've used 'self' in most examples as it usually makes sense to include it, but it's by no means mandatory. Leave it out if you don't need it.
But hang on a minute! Can't I just use content="default-src *" and be done with it?
No. In addition to the obvious security vulnerabilities, this also won't work as you'd expect. Even though some docs claim it allows anything, that's not true. It doesn't allow inlining or evals, so to really, really make your site extra vulnerable, you would use this:
content="default-src * 'unsafe-inline' 'unsafe-eval'"
... but I trust you won't.
Further reading:
http://content-security-policy.com
http://en.wikipedia.org/wiki/Content_Security_Policy
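The source-matching rules walked through in the answer above (scheme, host, port, path prefix, 'self', scheme-only sources such as ws:, and the fallback to default-src), as an added JavaScript example that is not part of the original answer. The function names parsePolicy, sourceMatches and isAllowed are hypothetical, the sample page URL is constructed, and the model is deliberately simplified.

```javascript
// Added example: simplified model of CSP source matching as described above.
// Not modelled: "*" and host wildcards, nonces/hashes, 'unsafe-*' keywords,
// and the http-to-https upgrade matching of newer CSP levels.
const DEFAULT_PORT = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };
const portOf = (u) => u.port || DEFAULT_PORT[u.protocol] || '';

function parsePolicy(policy) {
  // "dir src src; dir src" -> Map(dir -> [src, ...]); first occurrence wins
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function sourceMatches(source, url, pageUrl) {
  if (source === "'self'") { // same scheme, host and port as the page
    return url.protocol === pageUrl.protocol &&
      url.hostname === pageUrl.hostname && portOf(url) === portOf(pageUrl);
  }
  // Scheme-only source such as ws: or data: matches any host and port.
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(\d+|\*))?(\/.*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, host, port, path] = m;
  // A source without a scheme inherits the scheme of the protected page.
  const wantScheme = scheme ? scheme.toLowerCase() + ':' : pageUrl.protocol;
  if (url.protocol !== wantScheme || url.hostname !== host.toLowerCase()) return false;
  // No port in the source means "default port only"; ":*" means any port.
  if (port !== '*' && portOf(url) !== (port || DEFAULT_PORT[wantScheme])) return false;
  if (!path || path === '/') return true;
  // A path ending in "/" is a prefix; any other path must match exactly.
  return path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
}

function isAllowed(policy, directive, resource, page) {
  const directives = parsePolicy(policy);
  const sources = directives.get(directive) || directives.get('default-src');
  if (!sources) return true; // no applicable directive: nothing is restricted
  const url = new URL(resource);
  const pageUrl = new URL(page);
  return sources.some((s) => sourceMatches(s, url, pageUrl));
}

// Constructed sample: page and policy are illustrative values only.
const PAGE = 'https://mysite.test/index.html';
console.log(isAllowed("default-src 'self' https://example.com/js/", 'script-src',
  'https://example.com/file.js', PAGE)); // false: above the allowed path
```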
How to fix "Undefined variable: gambar (View: C:\xampp\htdocs\apmt\resources\views\upload.blade.php)"
You have missed passing the gambar in the proses_upload function and I guess you are inserting the image in the upload.blade.php
public function proses_upload(Request $request){
    $this->validate($request, [
        'file' => 'required|file|image|mimes:jpeg,png,jpg|max:2048',
        'keterangan' => 'required',
    ]);
    // store the uploaded file data in the $file variable
    $file = $request->file('file');
    $nama_file = time()."_".$file->getClientOriginalName();
    // set this to the name of the folder the file is uploaded to
    $tujuan_upload = 'data_file';
    $file->move($tujuan_upload,$nama_file);
    Gambar::create([
        'file' => $nama_file,
        'keterangan' => $request->keterangan,
    ]);
    // fetch all records and pass them to the view as $gambar
    $gambar = Gambar::get();
    return view('upload',['gambar' => $gambar]);
}