[Cubicweb] annotating divs with rql and vid

Sylvain Thénault sylvain.thenault at logilab.fr
Thu May 24 17:24:36 CEST 2012


On 24 mai 17:09, Adrien Di Mascio wrote:
> On 24/05/2012 16:03, Sylvain Thénault wrote:
> >On 24 mai 14:51, Nicolas Chauvat wrote:
> >While I see the benefit of the idea, I would like to warn about the
> >following things:
> >
> >* We should be able to have cubicweb sites working without allowing
> >   arbitrary rql to be given in http request. While this is a desired
> >   feature of some site, and a powerful aspect of CW, some (corporate/public)
> >   sites clearly want to disable this ability for obvious security
> >   reason. Introducing the above proposal will make this harder if not
> >   impossible.
> 
> This is indeed something to be kept in mind but I think it should
> not be so hard do deactivate the <div data-rql ...> generation on
> those sites. Do you foresee specific problems ?

If all the relevant facet code is implemented based on this, yes :
I want to be able to deactivate rql input but to keep the facets
functionnality.
 
-- 
Sylvain Thénault, LOGILAB, Paris (01.45.32.03.12) - Toulouse (09.54.03.55.76)
Formations Python, Debian, Méth. Agiles: http://www.logilab.fr/formations
Développement logiciel sur mesure:       http://www.logilab.fr/services
CubicWeb, the semantic web framework:    http://www.cubicweb.org



More information about the Cubicweb mailing list