ben-
the secure_form validator sounds perfect. thanks for the heads up.
i think i'm going to play with some post-processing to enable
secure_form through post-processing.
Previously Jonathan Vanasco wrote:
neat bob.
I kind of like how django hacked it as a middleware filter though...
maybe i could take your code and push it into two decorators...
@csrf_protect_form - set global that will regex forms and add tokens
A regexp can't detect if it is
On Apr 18, 2008, at 9:04 AM, Jonathan Vanasco wrote:
Django has a neat middleware component
http://www.djangoproject.com/documentation/csrf/
has anyone thought of porting this to pylons?
WebHelpers has a secure_form tag, and there's a secure_form decorator
in Pylons that checks and
Django has a neat middleware component
http://www.djangoproject.com/documentation/csrf/
has anyone thought of porting this to pylons?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
pylons-discuss group.
There's some similar functionality in ToscaWidgets, though it's tied to
forms, not to the request.
This might break REST interfaces; there might be lots of times where
software is PUTing data to a URL when it never read the form in the first
place. You'd have to teach the client end of the
We do CSRF protection in genshi/pylons like this:
<form py:match="//[EMAIL PROTECTED]'POST']"
      accept-charset="us-ascii,utf-8"
      py:attrs="select('@*')">
  <input type="hidden" name="t_token" value="${h.form_token()}" />
  ${select("*|text()")}
</form>
def form_token(alias=None):
alias