On Wed, Jun 13, 2012 at 5:05 PM, Carl Meyer <[email protected]> wrote:
> Hi Peter,
>
> On 06/13/2012 02:55 PM, Peter wrote:
>> Can I throw in option 5:
>>
>> We leave ModelForms as they are, but emit a warning if you only
>> partially render the form?
>>
>> I'm not sure how feasible this is, but presumably we could keep track of
>> which fields have been rendered for a given form instance?
>>
>> That way, if you render the whole form ( {{ form.as_p }} ) you'll see
>> your new sensitive field appear in the page. If you manually render the
>> form, you'll get a warning.
>
> I've thought about this. The main problem is that the implementation is
> quite difficult in practice: at what point do you perform the check?
> There isn't any such thing as an "ok, I think I'm all done rendering
> this form now, tell me if I did it right" hook.

I, too, was thinking about this kind of solution. In fact, it came up
for me the other day because I had forgotten to exclude a field that I
did not have on the form, and so the value ended up getting wiped out
when I saved. So, perhaps a solution that prevented others from adding
fields could also be a solution that checked to make sure that the
form was editing all fields it should be.

What about a {% validate %} tag in the form which would do a runtime
check to make sure that all non-excluded fields had been rendered?

-Doug

> There's at least one third-party app out there that does this
> (https://github.com/ulope/django-careful-forms), but it registers all
> forms in a thread-local and performs the check in a middleware; that's
> not something I think belongs in core Django.
>
>> One problem would be excessive warnings if you went further and hand
>> craft the HTML - does anyone do that?
>
> Yes.
>
> Carl
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django developers" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group at 
> http://groups.google.com/group/django-developers?hl=en.
>
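
A dependency-free sketch of the render-tracking idea and the `{% validate %}` check discussed in this thread, added here as an example; it is not code from Django, django-careful-forms or any of the posters. `StubForm`, `RenderTrackingMixin`, `validate_rendered`, `ProfileForm` and `render_manually` are hypothetical names, and the form is a constructed stand-in rather than a Django `ModelForm`.

```python
import warnings


class StubForm:
    """Constructed stand-in for a form: maps field name -> widget HTML."""
    fields = {}
    exclude = ()

    def __getitem__(self, name):
        return self.fields[name]

    def as_p(self):
        # Whole-form rendering fetches every field through __getitem__.
        return "".join(f"<p>{self[name]}</p>" for name in self.fields)


class RenderTrackingMixin:
    """Records each field fetched for rendering (hypothetical helper)."""

    def __getitem__(self, name):
        self.__dict__.setdefault("_rendered", set()).add(name)
        return super().__getitem__(name)

    def unrendered_fields(self):
        seen = self.__dict__.get("_rendered", set())
        return [n for n in self.fields
                if n not in seen and n not in self.exclude]


def validate_rendered(form):
    """What a {% validate %} tag could run once the form markup is done."""
    missing = form.unrendered_fields()
    if missing:
        warnings.warn(
            f"{type(form).__name__}: fields never rendered: {missing}")
    return missing


class ProfileForm(RenderTrackingMixin, StubForm):
    # Constructed sample; is_staff plays the newly added sensitive field.
    fields = {
        "name": '<input name="name">',
        "email": '<input name="email">',
        "is_staff": '<input type="checkbox" name="is_staff">',
    }


def render_manually(form):
    # Template that lists fields one by one and was never updated for is_staff.
    html = f"<p>{form['name']}</p><p>{form['email']}</p>"
    return html, validate_rendered(form)
```

A form whose HTML is written entirely by hand never passes through `__getitem__`, so this check reports every field for it, which is the excessive-warning case raised in the thread.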
