On Sep 22, 10:01 pm, Brian Beck <[EMAIL PROTECTED]> wrote:
> > > -- What about third-party app forms that aren't SafeForms, but need to
> > > be? The situation dictates this, not the form author.
> > I think we keep CSRF middleware around to deal with that. We also very
> > actively encourage third party apps to adopt SafeForm as soon as 1.1
> > is out.
>
> But still, the situation dictates the need for SafeForm, not the form
> author. If this becomes best practice, essentially *every* form will
> need to be initialized with a request.

One thing that might help out in this case would be the ability to create a SafeForm from a regular Form (which might be an argument for CSRF protection as a feature of django.forms.Form rather than a subclass). If the third party code is well written (it follows the class-based generic view idiom for example, providing a get_form() method that can be overridden), it should be straightforward to intercept the form it creates and upgrade it to a SafeForm.

You've reminded me of another problem with SafeForm: how does it interact with ModelForms? Is there a SafeModelForm as well? What about FormSets?

Cheers,

Simon
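
Added example, not part of the original message or of Django's code: a self-contained sketch of the upgrade described above, wrapping a plain form class and swapping it in through an overridden get_form(). The Form and ThirdPartyView stand-ins, the make_safe() helper, the dict-shaped request and the HMAC session token are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed stand-in for a server-side secret


class Form:
    """Stand-in for a third-party form that knows nothing about CSRF."""
    def __init__(self, data=None):
        self.data = data or {}

    def is_valid(self):
        return bool(self.data.get("comment"))


def csrf_token(session_id):
    """Token bound to the session; another site cannot compute or read it."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def make_safe(form_class):
    """Hypothetical helper: subclass form_class so it is built from a request."""
    class Safe(form_class):
        def __init__(self, request, *args, **kwargs):
            self.request = request
            data = request["POST"] if request["method"] == "POST" else None
            super().__init__(data, *args, **kwargs)

        def is_valid(self):
            # Check the token first, in constant time, then the form's own rules.
            supplied = self.data.get("csrf_token", "").encode()
            expected = csrf_token(self.request["session_id"]).encode()
            return hmac.compare_digest(supplied, expected) and super().is_valid()

    Safe.__name__ = "Safe" + form_class.__name__
    return Safe


class ThirdPartyView:
    """Stand-in for a class-based view exposing get_form() as an override point."""
    def get_form(self, request):
        return Form(request["POST"])

    def __call__(self, request):
        return "saved" if self.get_form(request).is_valid() else "rejected"


class SafeView(ThirdPartyView):
    def get_form(self, request):  # intercept the form and upgrade it
        return make_safe(Form)(request)
```

Because make_safe() takes any form class, the same wrapper applies to a subclass of the stand-in Form without a parallel hand-written class for each form type.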