Pascal Voitot wrote:
> I see your point but, as an external XWiki user/developer (I'm not
> a committer), I think these are only Velocity scripts containing useful
> variables and parts of interaction code but no "core" core... These
> scripts could be copied/pasted in any XWiki document... To my mind, the
> important thing is not to hide these scripts but to verify they don't
> contain any silly access control such as "if($hasRight)
> doSomethingNeedingStrongSecurity()" because if you simply rewrite the script
> without the test, you access what should be protected... The control should
> be placed in the code...

The control usually is in the core, but templates contain this kind of check to let the user know what he can / cannot do.

-- 
Sergiu Dumitriu
http://purl.org/net/sergiu/
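
The point made in this exchange, as an added example that is not part of the original thread and not XWiki code: a script-level rights test only controls what the user is shown, so the privileged operation has to re-check the right itself. All names here (Core, has_right, delete_checked, delete_unchecked) and the sample rights are hypothetical and constructed for the illustration.

```python
# Constructed model; class and method names are hypothetical, not XWiki APIs.
class AccessDenied(Exception):
    pass


class Core:
    def __init__(self, rights):
        self.rights = rights                      # set of (user, right) pairs
        self.docs = {"Main.WebHome": "content"}   # constructed sample document

    def has_right(self, user, right):
        return (user, right) in self.rights

    def delete_unchecked(self, user, doc):
        # Flawed design: trusts the calling script to have tested has_right.
        self.docs.pop(doc, None)

    def delete_checked(self, user, doc):
        # Sound design: the core re-checks the right on every call.
        if not self.has_right(user, "delete"):
            raise AccessDenied(f"{user} may not delete {doc}")
        self.docs.pop(doc, None)


def shipped_template(core, user, doc, delete):
    # Mirrors the template pattern: the test decides what the user is offered.
    if core.has_right(user, "delete"):
        delete(user, doc)
        return "deleted"
    return "delete action not shown"


def rewritten_script(core, user, doc, delete):
    # The same script pasted into a document with the test removed.
    try:
        delete(user, doc)
        return "deleted"
    except AccessDenied:
        return "denied by core"


def run(script, core_method, user="guest"):
    # Returns (what the script reported, whether the document still exists).
    core = Core(rights={("admin", "delete")})
    outcome = script(core, user, "Main.WebHome", getattr(core, core_method))
    return outcome, "Main.WebHome" in core.docs
```

When reviewing scripts for the pattern Pascal describes, the question to ask of each guarded call is which of the two delete methods it resembles.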

