Wichert Akkerman wrote:
Previously Raphael Ritz wrote:
There is one question I have already now: Who feels responsible
for updating the forms that ship with Plone/AT to make use of
this? (or am I missing something?) And don't get me wrong:
I have no problem shipping it even without using it right away
just to make it readily available.

A few quick comments:

It is only important for the forms that are security sensitive.

Of course

comes down to personalize_form,

the control panel forms

which are a few

and the sharing

and don't forget that there are some that we ship without
offering them in the default UI like the ownership_form

Perhaps a few others, but I think that list is quite complete.

Alex suggested the other day that AT itself could use this as well;
considering how simple it is to use that should indeed be doable with a
few small changes in base_edit.pt and processForm.

I agree that with these two we should be quite safe already.

Where I am lacking some overview and understanding at
the moment are the things KSS uses.

Personally I'm not
convinced we need to do this everywhere, but since the performance
effect should be very small it won't hurt either.

Either way I can think of no reason at the moment to
not include this as soon as possible.



