Fabio,
Good point!
Browser-side security is VERY easy to bypass.
For example, just use Firebug or the built-in dev tools of Firefox,
Chrome, or Safari (or probably even IE by now), to edit the HTML
of the current page and then click the OK/Send/Submit button.
--Fred
------------------------------------------------------------------------
Fred Stluka -- mailto:[email protected] -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
------------------------------------------------------------------------
On 3/22/16 10:35 AM, Fabio C. Barrionuevo da Luz wrote:
self.fields[name].widget.attrs['disabled'] = 'disabled'
self.fields[name].widget.attrs['readonly']=True
is not make real readonly to field, because if user can edit the html
on client side, and remove disabled="disabled" and readonly input
atributtes
to problem of readonly fields, i currently use this:
https://github.com/luzfcb/django-simple-history/blob/wip-generic-views2/simple_history/forms.py
I prevent it here
https://github.com/luzfcb/django-simple-history/blob/wip-generic-views2/simple_history/forms.py#L24
--
You received this message because you are subscribed to the Google Groups "Django
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/57003696.2070502%40bristle.com.
For more options, visit https://groups.google.com/d/optout.
