[pmwiki-users] Form Input missing 4 types !!!!
Patrick R. Michaud
pmichaud at pobox.com
Mon Aug 28 10:20:56 CDT 2006
On Mon, Aug 28, 2006 at 10:05:40AM -0500, JB wrote:
> > nobody has demonstrated a place where it's needed
> I suggested one - AJAX.
AJAX is a web communications protocol, it's not an application.
I'd need to see an example where someone is actively developing an
application with PmWiki that will benefit from the existence
of an (:input button:), as opposed to a hypothetical example
where it might be useful.
> From website: http://www.htmlcodetutorial.com/forms/_INPUT_onClick.html
> onClick gives the script to run when the user clicks on the
> input. onClick applies to buttons (submit, reset, and button),
> checkboxes, radio buttons, and form upload buttons.
> If the input type "button" is a security risk then are not
> the other input types - submit, reset, checkbox, radiobutton
> also security risks?
No, because PmWiki doesn't provide any way for an author to
add an "onClick" attribute to those button types.
> To fix this security risk PMWiki could make it so the above
> various input control event attributes are restricted to:
> 1) calling a function only from the current url directory ()
based on their source.
> other limited commands that are harmless.
"alert()" doesn't seem all that useful. I'd want to see a list
of actual commands that would be generic and useful before adding
this to the core. (If they aren't generally useful, they belong
All in all, it seems like an *awful* lot of coding for a feature
for which we don't even have a working useful example yet.
PmWikiPhilosophy #3 definitely applies here.
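
The point made in the reply above (other input types are safe because authors cannot attach an "onClick" to them) comes down to an attribute allowlist. The following is an added example, not part of the original message and not PmWiki's own code; the function names, the allowlists and the sample directives are assumptions made for illustration.

```php
<?php
// Added illustration, not PmWiki source; all names here are hypothetical.
// Author-settable attributes. No on* event handlers appear in the list,
// so author-supplied text can never become script in the rendered page.
const ALLOWED_ATTRS = ['name', 'value', 'size', 'checked'];
// "button" is not offered as a type, as in the thread.
const ALLOWED_TYPES = ['text', 'submit', 'reset', 'checkbox', 'radio'];

function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function render_input(string $directive): string
{
    // Expect: (:input TYPE key=value key="quoted value" ...:)
    if (!preg_match('/^\(:input\s+(\w+)(.*?):\)$/s', trim($directive), $m)) {
        return esc($directive);
    }
    $type = strtolower($m[1]);
    if (!in_array($type, ALLOWED_TYPES, true)) {
        return esc($directive); // unknown type: show as text, emit no tag
    }
    $html = '<input type="' . $type . '"';
    preg_match_all('/([\w-]+)=(?:"([^"]*)"|\'([^\']*)\'|(\S+))/',
                   $m[2], $pairs, PREG_SET_ORDER);
    foreach ($pairs as $p) {
        $key = strtolower($p[1]);
        if (!in_array($key, ALLOWED_ATTRS, true)) {
            continue; // onclick= and every other unlisted attribute is dropped
        }
        // Exactly one of the three value groups matched; take that one.
        $val = $p[4] ?? $p[3] ?? $p[2];
        $html .= ' ' . $key . '="' . esc($val) . '"';
    }
    return $html . ' />';
}

// Constructed sample directives, not taken from any real wiki page.
$samples = [
    '(:input submit value="Save":)',
    '(:input checkbox name=agree onclick="alert(document.cookie)":)',
    '(:input button value=Go onclick="doIt()":)',
];
foreach ($samples as $s) {
    echo render_input($s), "\n";
}
```

The second sample renders without its onclick attribute, and the third is shown as escaped text because "button" is not on the type list.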