cocoon-dev mailing list archives

From Donald Ball <>
Subject Re: [announce] XMLForm - a new project using Xerces, Xalan, & JTidy
Date Mon, 28 Feb 2000 23:41:53 GMT
> Also, I don't like the ability for users to match around with my XML
> structure from the HTML form, this is a HUGE security hole.

(match around == mess around ?) How else do you suppose content editors
are going to be able to edit site content over the web?? If you're worried
about users being able to fake forms, well, there's a reason it's a POST
only servlet. I'm already going to add origination URL restrictions.

> I think Donald's proposal is clever, but adds more problems than it
> solves. We must think about better ways to do the full loop 

Can you elaborate? Right now, the only thing I don't like about XMLForm is
having to write the XML fragment mockup in the HTML form using specially
named parameters. However, Eric van der Vlist has suggested an interesting
alternate strategy that I may well adopt. That being said, I'm now happily
adding, editing, and removing fragments from my XML files through a nice
HTML form interface using XMLForm and cocoon. I'd rather like to know what
problems you see with this approach.

It's not a proposal, anyway, it's a project. Proposal is when you say you
want to do something, project is when you have done something. :)

>  request (empty) -> response (with form) -> request (with data) ->
> response (with result)
> This is the piece we are currently missing.
> I was playing around with XFA ( but I'm not sure which
> direction to take... what do you think?

I think they're making the form specification too complicated. They're
mixing up design and function. I also think that rendering an XFA form in
HTML is going to be really difficult. That being said, I think that XFA
is almost certainly worth experimenting with.

- donald
