[Cubicweb] annotating divs with rql and vid

Adrien Di Mascio adrien.dimascio at logilab.fr
Thu May 24 17:15:58 CEST 2012


On 24/05/2012 16:59, Nicolas Chauvat wrote:
> On Thu, May 24, 2012 at 04:03:58PM +0200, Sylvain Thénault wrote:
>> * We should be able to have cubicweb sites working without allowing
>>    arbitrary rql to be given in http request. While this is a desired
>>    feature of some site, and a powerful aspect of CW, some (corporate/public)
>>    sites clearly want to disable this ability for obvious security
>>    reason. Introducing the above proposal will make this harder if not
>>    impossible.
>
> Does disabling urls built with view?rql=blabla&vid=someview means that you
> disable facets ?

As of now, yes.
-- 
Adrien Di Mascio - LOGILAB, Paris (France).
Tél: 01.45.32.03.12
Formations - http://www.logilab.fr/formations
Développements - http://www.logilab.fr/services
Gestion de connaissances - http://www.cubicweb.org/



More information about the Cubicweb mailing list