2009/5/12 Tres Seaver <tsea...@palladion.com>:
> The server side wouldn't know that:  the presence of such a field in the
> request is completely independent of any form (e.g., cookies passed long
> after logging in).

I understand the issue, but shouldn't the remedy be to avoid ever
displaying request data in a public view?

Repoze-dev mailing list

Reply via email to