Interesting point! At the moment I don't have any such features, so I
guess I remove my $whitelists and think about this as soon as
required. :-)
Have a nice weekend, Mark!
On Fri, Jan 21, 2011 at 4:22 PM, euromark wrote:
> yes, that should be enough :)
>
> but what about ajax forms or dynamical
yes, that should be enough :)
but what about ajax forms or dynamically added fields?
those cannot be used with sec component
in those cases you will have to manually secure your forms
On 21 Jan., 12:57, psybear83 wrote:
> Hey everybody
>
> to my knowledge, the $whitelist attribute tells a model
Hey everybody
to my knowledge, the $whitelist attribute tells a model, which
attributes should be writable when it comes to a save. I'm using the
Security component which ensures that nobody tampers with my forms
(e.g. adding a new input field), so I guess I don't need $whitelist
anymore, right?
