I've started doing the following. If the "delete" action is called using GET then I'm serving a "Are you sure you want to delete item X?" page which has a form and a submit button to it. When JS is enabled then my "delete" link has an onclick event that pops up a JS confirm() modal and then sends out an AJAX POST.
This way you are protected from XSS while also having a very accessible site. If you want no confirmation then Tariques suggestion is the best solution. -- Felix -------------------------- My Blog: http://www.thinkingphp.org My Business: http://www.fg-webdesign.de Dr. Tarique Sani wrote: > On 9/22/07, beetlecube <[EMAIL PROTECTED]> wrote: > >> I'm wondering how many users have javascript disabled. >> > > IME - this varies significantly from site to site my photogallery site > has <1% visitors with JS disabled where as my company site has about > 5% > > Why not have a submit button styled to look like a link - wrap the > whole thing in a <form> > > T > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
