[support] HTML forms not Drupal's Forms API -- Badness ExplanationNeeded

Metzler, David metzlerd at evergreen.edu
Tue Feb 3 19:54:17 UTC 2009


The most compelling reason, aside from being more maintainable, is that
the Drupal Forms API implements cross-site scripting vulnerability
protections that may not have been taken care of in the original code.

Dave

________________________________

From: support-bounces at drupal.org [mailto:support-bounces at drupal.org] On
Behalf Of Shai Gluskin
Sent: Tuesday, February 03, 2009 11:45 AM
To: support at drupal.org
Subject: [support] HTML forms not Drupal's Forms API -- Badness
ExplanationNeeded


Gang,

I've red-flagged for a potential client (abandoned by former Drupal
developer) an event registration page on their site that uses an HTML
form to deliver some variables to a PayPal page. Looks like the code
came from a PayPal help page.

I'm proposing using a combination of the signup and signup_pay modules
to handle this functionality. I'd like to give the client a little more
detail on why it is bad to use regular HTML forms in addition to "It's
more stable," or "it's the Drupal way." On the "It's more stable"
argument, I need some more detail on why and what are some bad things
that can.

Any help would be most appreciated.

Thanks,

Shai
