[Borges-users] Patches, Proposals: Patch for current CVS

Eric Hodel drbrain at segment7.net
Sun Apr 4 10:28:53 EDT 2004


> |>b) Security patch to input type=* value=... and to text_area: Values
> | Ok.
> | Seaside's #text now encodes the text by default.  I'd like to do this as
> | well.  Could this problem be solved in a more general way by simply
> | encoding all attribute values?
>
> I don't think it's a good idea to encode all attribute values (or
> anything at all) by default. Let the user choose what he wants to do,
> and do the obvious where there is just one thing he can want to do.

When I get a chance, I'll pull down a newer Seaside and see what they've
done.

> I think it is very important to have a way of outputting direct html; so
> the difference between #text and #encode_text should stay there.

I think #encode_text would become #text, and #text would become
#raw_text (or something similar).

What I've done is encoded the <input> value attribute and
the <textarea> content.  I'll hold off on switching #encode_text to
#text until a later date.  Let me know if this works out for you.

-- 
Eric Hodel - drbrain at segment7.net - http://segment7.net
All messages signed with fingerprint:
FEC2 57F1 D465 EB15 5D6E  7C11 332A 551C 796C 9F04
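
As an added illustration (not part of the original message, and not Borges or Seaside code), the Ruby sketch below shows the split the thread discusses: a raw #text, an encoding #encode_text, and <input>/<textarea> helpers that always encode the value they are given. SketchRenderer, its method bodies and the sample values are assumptions constructed for this example.

```ruby
require 'erb'

# Hypothetical renderer for illustration; not Borges or Seaside code.
class SketchRenderer
  attr_reader :out

  def initialize
    @out = +''
  end

  # Raw output: the caller vouches for the markup.
  def text(html)
    @out << html.to_s
    self
  end

  # Encoded output: & < > " ' become character references.
  def encode_text(str)
    text(h(str))
  end

  # <input>: the value attribute is always encoded.
  def input(type, name, value)
    text(%(<input type="#{h(type)}" name="#{h(name)}" value=")).encode_text(value).text('">')
  end

  # <textarea>: the element content is always encoded.
  def text_area(name, value)
    text(%(<textarea name="#{h(name)}">)).encode_text(value).text('</textarea>')
  end

  private

  def h(str)
    ERB::Util.html_escape(str.to_s)
  end
end

# Constructed sample values standing in for user-submitted data.
ATTR_VALUE = %q(Tom "T" O'Neil <tom@example.org>)
AREA_VALUE = %q(see </textarea><b>outside</b> & more)

# Values routed through the encoding helpers.
def render_encoded
  SketchRenderer.new.input('text', 'who', ATTR_VALUE).text_area('note', AREA_VALUE).out
end

# The same textarea built with raw #text only, for comparison.
def render_raw
  SketchRenderer.new.text(%(<textarea name="note">#{AREA_VALUE}</textarea>)).out
end

puts render_encoded, render_raw
```

In the encoded output the only literal `</textarea>` is the one the helper wrote; in the raw output the value closes the element early and the rest of it is parsed as page markup.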
