David,
James,
I had the same problem, almost decided to get rid of FormBuild because
of that :-(. Thank you guys!
This "prefilling" would also copy passwords entered from another
browser. Would it be a good idea to never fill password-typed fields
with anything coming from request object? It seems to me that the
majority of cases where password is taken from request would be
errors. Usually, if the form requires a password and there's a
validation error, all fields should be prefilled with old answers,
except password. If application needs to take password from request,
it would copy it explicitly into default values dictionary. If I
understand correctly, the code would be something like this:
def password(self, name="password", value=None, id=None, **options):
"""Creates a password field
Takes the same options as text_field """
# For added security, discard value coming from request...
value = self._form.get_default(name)
return password_field(name, value, id=id, **options)
Thank you!
Sergey.
On 9/28/06, James Gardner <[EMAIL PROTECTED]> wrote:
>
> Thanks Anil.
>
> David has found the problem so I've made a new release of FormBuild so
> that everyone can upgrade.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/pylons-discuss
-~----------~----~----~----~------~----~------~--~---
