Fabio,
Good point!
Browser-side security is VERY easy to bypass.
For example, just use Firebug or the built-in dev tools of Firefox,
Chrome, or Safari (or probably even IE by now), to edit the HTML
of the current page and then click the OK/Send/Submit button.
--Fred
------------------------------------------------------------------------
Fred Stluka -- mailto:f...@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
------------------------------------------------------------------------
On 3/22/16 10:35 AM, Fabio C. Barrionuevo da Luz wrote:
self.fields[name].widget.attrs['disabled'] = 'disabled'
self.fields[name].widget.attrs['readonly']=True
is not make real readonly to field, because if user can edit the html
on client side, and remove disabled="disabled" and readonly input
atributtes
to problem of readonly fields, i currently use this:
https://github.com/luzfcb/django-simple-history/blob/wip-generic-views2/simple_history/forms.py
I prevent it here
https://github.com/luzfcb/django-simple-history/blob/wip-generic-views2/simple_history/forms.py#L24
--
You received this message because you are subscribed to the Google Groups "Django
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/57003696.2070502%40bristle.com.
For more options, visit https://groups.google.com/d/optout.
