Hi, Chris. Since Deform doesn't mention CSRF, I assume it must be done by another session-based plugin at the discretion of the developer? Like, opt-in security? :) Also, the docs say that some form controls rely on JS being available. That's understandable, like in the case of date-time controls. Still it would be great if the generated HTML targeted both JS-on and JS-off users via <noscript>. Like a fuzzy scripted date widget vs. simple combo-boxes to do the same thing.
-- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
