Is there a way to suppress -? & command?

Thanks in advance...

This message has been edited. Last edited by: Kerry,

Absolutely!
Remove it...

I want it to trace all & the variables for security reason

Well, then don't suppress it, comment it out if you don't want to see them, uncomment if you do??

Comment out:
-*-? &

Uncomment:
-? &

I guess I don't get it???

Maybe you are trying to hide them from users.
This link "may" be what you are trying to do...

Tom,
Due to security issue. i am trying to read all the variables and scan for unwanted codes...


-SET &ECHO=ALL;

SET MSG=OFF
SET MESSAGE=OFF

-SET &BADCD='';

-SET &EDATEMP = TEMPPATH(80, 'A80');
APP MAP EDATEMP &EDATEMP
APP HOLD EDATEMP

-SET &FIL='&EDATEMP.EVAL'||'test.trc';
-RUN
-*
SET TRACEUSER=&FIL.EVAL
-RUN
-? &

FILEDEF TRACE DISK &FIL.EVAL
-RUN

APP PATH BASEAPP
DEFINE FILE TRACE
RESULT/A175 = SUBSTR(200,LINE,41,200,155,'A155');
END
TABLE FILE TRACE
PRINT RESULT
WHERE LINE CONTAINS 'NGtrEvnt'
WHERE (LINE CONTAINS '>' OR LINE CONTAINS '<' OR LINE CONTAINS '%3C' OR LINE CONTAINS '%3c' OR LINE CONTAINS '%3E' OR LINE CONTAINS '%3e' ) ;
ON TABLE HOLD
END
-RUN


The logic works fine, Only issue is i want to suppress all the &variables when try to view the source by right clicking...

Thanks

Well, if they are just running Focexec's, out of luck, unless you render the output in HTMLFORM.

If through HTML, search Google, Javascript Disable right clck, plenty of stuff out there, and incorporate into HTML...

If not, the link I gave above relates how to turn it off..

No other ideas come to mind...

Tom

search all the fexcodes with a read commando
put the fex name and the line that holds the & value in a table
make a report on the eind result

Hi,

you could do something like this:

SET &T = '-? &';
&T.EVAL

-
You can set &T at runtime if you want traces and set it to empty if you don't.

Regards,
Markus

Sorry Markus,That didnt help me.

Could you do it with some examples?

Hi,

I guess you have some kind of initialisation. There you can define a rule, when to activate the trace-Statement.
For example you want the trace to be active if you are user1:

  
-SET &TRACE = IF &IBIMR_user EQ 'user1' THEN '-? &' ELSE '';

In your report you simply write where you want to see the traces:

  
&TRACE.EVAL

This way, if you are user1 you will see the traces, otherwise you do not see them.
Regards,
Markus

If I understand you correctly, you want the output of the -? & command to be put in the trace file, which you then can table to find all offending values. So far OK. But when that process is done you will have to send something back to the browser, but that will contain the result of the -? & command also, visible when doing a view source. And that is something you do not want. Did I undertstand this correctly?
You could search for something to prevent doing a right mouse click but that is not 100 % sufficient, I guess.
If you do not care what is being presented, as long as it is not the result, you could do something like this after finding ans saving the offending variables:

TABLE FILE SYSCOLUM
ON TABLE SET PREVIEW ON
SUM COMPUTE TOTALOFF/A50 = 'Number of offending variables found = &LINES'; AS ''
ON TABLE PCHOLD FORMAT PDF
END

There is no way to prevent the output of the values aother than outputting something that clears the html comments ... like PDF or XML or something like that.

Thanks for the input guys,
Still i am able to see the displayed values of -? &

So I've opened a ticket, such that to find a way to read all the active variables in a file rather than using '-? &' command. They are still researching on it.

I don't get the point of this. First you want to "suppress the -? & command", then you want to "trace all the & variables", sounds like opposites. Then you want to "read all the variables and scan for unwanted codes" with which you probably mean "read all the code to look for unwanted code".