[development] Hello from another developer/Want to add
some features
Sammy Spets
sammys-drupal at synerger.com
Wed Feb 1 03:46:49 UTC 2006
Thanks for the input again Adrian. I've hit a potential policy snag and
thought it wise to discuss before continuing. I'd like to hear from
anyone with 2 cents. :)
At present, readonly form fields are limited to only <input> tags. So
our poor <select> doesn't have the ability to join its elite
counterparts.
Why it is the readonly attribute is being used in the input tags rather
than just showing the data without using a form element tag?
My reasoning is this: if a form element is used, including hidden, it
opens up that form to abuse through edited forms. In addition, would it
not be better to have a uniform readonly element generated?
I realise this would then prevent those fields from being sent back to
the server. However, in the end it is more secure. Module changes
required are relatively trivial since they have ready access to values
currently in the database.
Let 'em rip!
--
Sammy Spets
Synerger Pty Ltd
http://www.synerger.com/
More information about the development
mailing list