Embedding URLs is generally not a problem as long as you are not including
any particular server information. You should ensure that your server side
code is secure and validates the input / parameters it receives.
If the user is logged in for this function call you could user
@auth.requires_login or @auth.requires_membership(role='*name of group user
has to be member of') decorators to block calls from unknown sources.
Thanks,
Stuart
On Monday, June 13, 2016 at 1:27:58 PM UTC-7, Alex Glaros wrote:
>
> the only way I could get fancyTree to work was with "source url" parmeter
> below. Is that a safe way to create a url and send it a dict item?
> (Crontroller view_tree works with: request.get_vars.specificTaxonomyFK)
>
> // Initialize Fancytree
> $("#alexTree").fancytree({
> checkbox: true,
> selectMode: 3,
> source: {url: "
> http://127.0.0.1:8000/ES3/default/view_tree.json/?specificTaxonomyFK={{=specificTaxonomyFK}}
> "},
> dataType: "json",
> postProcess: function(event, data){
> data.result = convertData(data.response);
> },
> select: function(event, data) {
> window.open(data.node.data.alexLink, "_blank");
> }
> });
>
> thanks
>
> Alex Glaros
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
