Hi Peter,
On 06/13/2012 02:55 PM, Peter wrote:
> Can I throw in option 5:
>
> We leave ModelForms as they are, but emit a warning if you only
> partially render the form?
>
> I'm not sure how feasible this is, but presumably we could keep track of
> which fields have been rendered for a given form instance?
>
> That way, if you render the whole form ( {{ form.as_p }} ) you'll see
> your new sensitive field appear in the page. If you manually render the
> form, you'll get a warning.
I've thought about this. The main problem is that the implementation is
quite difficult in practice: at what point do you perform the check?
There isn't any such thing as an "ok, I think I'm all done rendering
this form now, tell me if I did it right" hook.
There's at least one third-party app out there that does this
(https://github.com/ulope/django-careful-forms), but it registers all
forms in a thread-local and performs the check in a middleware; that's
not something I think belongs in core Django.
> One problem would be excessive warnings if you went further and hand
> craft the HTML - does anyone do that?
Yes.
Carl
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en.
