cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Antonio Gallardo" <agalla...@agssa.net>
Subject Re: [lazy vote] cforms request processing
Date Tue, 02 Nov 2004 00:13:21 GMT
Tim Larson dijo:
> We have talked several times about changing the request
> processing in cforms to not touch any widget whose
> request parameter is missing (to prevent these widgets'
> values from being reset to null,) the end result being
> that it would be easier for the view to decide how to
> split a form across multiple pages without breaking the
> SoC between the form model and the view.

Is not posible to do that before sending the page? IMO given blind truting
to what the client is sending back is not good at all.

This can open some posible security concerns at all?

>
> As discussed before, this change would involve sending
> a hidden field along with every checkbox to indicate
> the presence of the checkbox, because an unchecked
> checkbox does not generate a request parameter on POST.
> This would allow to distinguish between a checkbox that
> is unchecked versus a checkbox that is not on the page.

What is the performance impact of that???

> What do we want to do?
> [ ] leave as is
> [ ] make the changes described above

Hmm.. I am still not sure. Can you explain a little bit about the above
first or just point to some links?

Many thanks in advance. ;-)

Best Regards,

Antonio Gallardo


Mime
View raw message