On Sat, 2007-11-10 at 11:14 -0600, Gary Wilson wrote:
> Malcolm Tredinnick wrote:
> > I do agree with Chris, though. It's completely unrelated to
> > auto-escaping (which will land today, most likely, since I've been
> > merging it and updating it yesterday and the day before).
>
> w00t!

For values of "today" that mean "as soon as the real world stops interfering". :-)

> > Not sure if we should build it into admin or make the middleware a
> > requirement for admin, but this isn't a "dismiss it with a wave of the
> > hand" situation for me.
>
> By build it into admin, do you mean build it into newforms?
[...]
> The csrf middleware components could be factored out for use in both the forms
> and in the middleware.

Yeah, I'm not really sure what I mean, design-wise. I feel a little uncomfortable about requiring the csrf key all the time in form submissions, but I can't pin down why yet. As a consequence of that, the middleware doesn't quite do the trick for me, because it's always on (you can't say "don't touch this form, I'm handling it manually").

I haven't had time to think about this too much yet, but your approach doesn't look too bad. Introducing request into BaseForm is a little annoying, orthogonality-wise. I realise why it's needed -- we need the session to get the token -- but it's annoying me at the moment. Like I said, though, haven't thought about it enough to sound coherent yet.

I feel we should be doing something without over-reacting; not sure where the middle ground is, though.

Malcolm

--
A conclusion is the place where you got tired of thinking.
http://www.pointy-stick.com/blog/

You received this message because you are subscribed to the Google Groups "Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/django-developers?hl=en