> I should be able to read through these new docs in the next couple of days,
> so will provide any feedback if I have any.

Thanks, that would be useful. On reflection I'd say there were a couple of things that are obviously missing from the treatment: i) the introduction of a form token for basic XSS protection, as provided by webhelpers.html.secure_form [1] and ii) a check that when a form is re-rendered on validation failure, any data that was entered in password fields is removed before the form is sent for re-presentation.

[1] http://www.pylonshq.com/docs/en/0.9.7/thirdparty/webhelpers/html/html/#webhelpers-html-secure-form

--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en
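
Item ii) of the message above, dropping password values before a form is re-presented after a validation failure, as an added example that is not part of the original message or of Pylons itself. It uses only the Python standard library; `password_field_names`, `scrub_for_rerender` and the sample form and submission are assumptions made for illustration.

```python
from html.parser import HTMLParser


class PasswordFieldFinder(HTMLParser):
    """Collect the name of every <input type="password"> in a form's HTML."""

    def __init__(self):
        super().__init__()
        self.names = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Tag and attribute names arrive lower-cased; attribute values do not.
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            if attrs.get("name"):
                self.names.add(attrs["name"])


def password_field_names(form_html):
    finder = PasswordFieldFinder()
    finder.feed(form_html)
    finder.close()
    return finder.names


def scrub_for_rerender(form_html, submitted):
    """Return a copy of the submitted values with every password field dropped."""
    secret = password_field_names(form_html)
    return {k: v for k, v in submitted.items() if k not in secret}


# Constructed sample form and failed submission (not from the original thread).
FORM_HTML = """
<form action="/register" method="post">
  <input type="text" name="username">
  <input type="text" name="email">
  <input type="PASSWORD" name="password">
  <input type="password" name="password_confirm" />
  <input type="submit" name="commit" value="Register">
</form>
"""
SUBMITTED = {
    "username": "alice",
    "email": "not-an-email",  # fails validation, so the form is shown again
    "password": "hunter2",
    "password_confirm": "hunter2",
    "commit": "Register",
}
```

The dictionary returned by `scrub_for_rerender(FORM_HTML, SUBMITTED)` is what would be handed to the form-filling step as defaults, so the password inputs come back empty while the other fields keep what the user typed.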
