[web2py] Re: howto: ajax call in FORM with signed URL

2014-03-20 Thread Niphlod
Again, missing a point... ajax callbacks **should** be signed, simply because there's no way to sign URLs in JavaScript, meaning... if you move the signing part to a piece of code that is executed on the client, you lose all the benefits of the signature itself, 'cause it can be forc

[web2py] Re: howto: ajax call in FORM with signed URL

2014-03-19 Thread Mike Constabel
This is logical to me. Thank you for the explanation. I read the book often, especially the ajax part. I found this sentence: "It is good practice to always digitally sign Ajax callbacks." Now I ask myself: Is it possible to sign the URL and exclude keyword and stype? So that a user can't submit o

[web2py] Re: howto: ajax call in FORM with signed URL

2014-03-19 Thread Mike Constabel
Doesn't work. The generated HTML code:

On Wednesday, 19 March 2014 16:31:41 UTC+1, LightDot wrote:
> Try:
>
> TD(INPUT(_id='keyword', _name='keyword', _onkeyup="ajax(URL('callback',
> ['keyword', 'stype'], user_signature=True), 'target');"), _name=
> "search_type")))
>
> Regards
>
> On Wedn

[web2py] Re: howto: ajax call in FORM with signed URL

2014-03-19 Thread Niphlod
You're missing a point: separation of what is executed by Python and what is executed by JavaScript. user_signature takes into consideration a/c/f, args AND vars. Your URL link in the onkeyup attribute is generated by Python, but then ajax() takes the values presented in the form (in your case

[web2py] Re: howto: ajax call in FORM with signed URL

2014-03-19 Thread LightDot
Try:

TD(INPUT(_id='keyword', _name='keyword', _onkeyup="ajax(URL('callback', ['keyword', 'stype'], user_signature=True), 'target');"), _name= "search_type")))

Regards

On Wednesday, March 19, 2014 1:59:38 PM UTC+1, Mike Constabel wrote:
> Hi,
>
> in a form I have
>
> TD(INPUT(_id='keyword', _n