Hi, Am Donnerstag, den 06.12.2007, 11:37 +0100 schrieb Tobias Bocanegra: > imo we need not request input validation.
Are you kidding ? :-) Honestly, all input MUST be validated somehow before it is applied. At the minium XSS must be prevented ! This can only be done by some form of input validation. > if you want to restrict, use the repository value constraints :-) This has two serious drawbacks: (1) it requires node types and (2) it is rather limited and not extensible. So IMHO this option is not a real one. Regards Felix
