On 12-09-11 18:25, Florian Apolloner wrote:
On Monday, September 12, 2011 5:39:03 PM UTC+2, Reinout van Rees wrote:
Addition: disallow attributes/methods starting with an underscore?
That's a handy way to stow away dangerous methods should you have them
in your view.
That's already the case for resolving variables in templates, I don't
think we need any specialcasing here.
> The only way I can see yourself shooting in the foot is
when you have a
> form view that reacts to get() and post(). Upon "get()",
the template
> *could* call data-modifying methods on the class.
Not easily, since the templates can only call methods which don't
require extra params, get/post do take request at least.
I love it when problems solve themselves :-)
Reinout
--
Reinout van Rees http://reinout.vanrees.org/
rein...@vanrees.org http://www.nelen-schuurmans.nl/
"If you're not sure what to do, make something. -- Paul Graham"
--
You received this message because you are subscribed to the Google Groups "Django
developers" group.
To post to this group, send email to django-developers@googlegroups.com.
To unsubscribe from this group, send email to
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en.