[Cubicweb] annotating divs with rql and vid

Nicolas Chauvat nicolas.chauvat at logilab.fr
Thu May 24 16:59:08 CEST 2012


On Thu, May 24, 2012 at 04:03:58PM +0200, Sylvain Thénault wrote:
> * We should be able to have cubicweb sites working without allowing
>   arbitrary rql to be given in http request. While this is a desired
>   feature of some site, and a powerful aspect of CW, some (corporate/public)
>   sites clearly want to disable this ability for obvious security 
>   reason. Introducing the above proposal will make this harder if not 
>   impossible.

Does disabling urls built with view?rql=blabla&vid=someview means that you
disable facets ?

> * A lot of views are not only depending on the rql+vid couple, but also
>   on additional, arbitrary, arguments. This is somewhat handled by facets
>   currently but is imo not really fancy. This later pb could be handled
>   by making views more easily self-contained, as recently done (at least
>   partially) for table views.

This reminds me of the bookmarks. I just had a look at the code and it
does not work as I thought. There is a specific widget that allows to
edit the path attribute as if it were made of two parts.

-- 
Nicolas Chauvat

logilab.fr - services en informatique scientifique et gestion de connaissances  


More information about the Cubicweb mailing list