On 12-09-11 18:25, Florian Apolloner wrote:
On Monday, September 12, 2011 5:39:03 PM UTC+2, Reinout van Rees wrote:Addition: disallow attributes/methods starting with an underscore? That's a handy way to stow away dangerous methods should you have them in your view. That's already the case for resolving variables in templates, I don't think we need any specialcasing here. > The only way I can see yourself shooting in the foot is when you have a > form view that reacts to get() and post(). Upon "get()", the template > *could* call data-modifying methods on the class. Not easily, since the templates can only call methods which don't require extra params, get/post do take request at least.
I love it when problems solve themselves :-) Reinout -- Reinout van Rees http://reinout.vanrees.org/ [email protected] http://www.nelen-schuurmans.nl/ "If you're not sure what to do, make something. -- Paul Graham" -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
