[Cubicweb] annotating divs with rql and vid

Sylvain Thénault sylvain.thenault at logilab.fr
Thu May 24 17:19:30 CEST 2012

On 24 mai 16:59, Nicolas Chauvat wrote:
> On Thu, May 24, 2012 at 04:03:58PM +0200, Sylvain Thénault wrote:
> > * We should be able to have cubicweb sites working without allowing
> >   arbitrary rql to be given in http request. While this is a desired
> >   feature of some site, and a powerful aspect of CW, some (corporate/public)
> >   sites clearly want to disable this ability for obvious security 
> >   reason. Introducing the above proposal will make this harder if not 
> >   impossible.
> Does disabling urls built with view?rql=blabla&vid=someview means that you
> disable facets ?

no, I want to change the way facets are implemented to make them work without
rql parameter (should not be hard).
> > * A lot of views are not only depending on the rql+vid couple, but also
> >   on additional, arbitrary, arguments. This is somewhat handled by facets
> >   currently but is imo not really fancy. This later pb could be handled
> >   by making views more easily self-contained, as recently done (at least
> >   partially) for table views.
> This reminds me of the bookmarks. I just had a look at the code and it
> does not work as I thought. There is a specific widget that allows to
> edit the path attribute as if it were made of two parts.

Curious how you had thought it did work.
Sylvain Thénault, LOGILAB, Paris ( - Toulouse (
Formations Python, Debian, Méth. Agiles: http://www.logilab.fr/formations
Développement logiciel sur mesure:       http://www.logilab.fr/services
CubicWeb, the semantic web framework:    http://www.cubicweb.org

More information about the Cubicweb mailing list