Wichert Akkerman wrote:
Previously Raphael Ritz wrote:
There is one question I have already now: Who feels responsible
for updating the forms that ship with Plone/AT to make use of
this? (or am I missing something?) And don't get me wrong:
I have no problem shipping it even without using it right away
just to make it readily available.
A few quick comments:
It is only important for the forms that are security sensitive.
Of course
That
comes down to personalize_form,
Yup
the control panel forms
which are a few
and the sharing
form.
and don't forget that there are some that we ship without
offering them in the default UI like the ownership_form
Perhaps a few others, but I think that list is quite complete
already.
Alex suggested the other day that AT itself could use this as well;
considering how simple it is to use that should indeed be doable with a
few small changes in base_edit.pt and processForm.
I agree that with these two we should be quite safe already.
Where I am lacking some overview and understanding at
the moment are the things KSS uses.
Personally I'm not
convinced we need to do this everywhere, but since the performance
effect should be very small it won't hurt either.
Either way I can think of no reason at the moment to
not include this as soon as possible.
Raphael
Wichert.
_______________________________________________
Framework-Team mailing list
Framework-Team@lists.plone.org
http://lists.plone.org/mailman/listinfo/framework-team
