> > You could probably have a partial validation, per-page, and a complete
> > one on the final page, essentially re-validating all the fields.
> > HTML-escaping of these hidden fields values would be mandatory in all
> > cases anyway.
>
> Yes, my thoughts exactly. Per-page validation, plus a final validation
> after the last step of the wizard.

What I've always done in these cases is carry a MAC along with the hidden data and just validate that the hidden data hasn't changed by re-hashing it after each form submit. You don't really need to re-validate the already-validated data, you just need to ensure that it hasn't changed since you validated it.

JP
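
The approach described in this message, sketched as an added example (not code from the thread or from Django): already-validated wizard fields are written out as HTML-escaped hidden inputs together with an HMAC, and the HMAC is recomputed on the next submit. The names `SECRET_KEY`, `sign_fields`, `verify_fields`, `render_hidden` and the `_mac` field are assumptions made for the illustration.

```python
import hashlib
import hmac
import html

# Constructed key for this example; assume a real server-side secret in practice.
SECRET_KEY = b"example-only-secret"


def _canonical(fields):
    # Sort by name and length-prefix each name and value so that
    # {"a": "bc"} and {"ab": "c"} can never serialise to the same bytes.
    parts = []
    for name in sorted(fields):
        for item in (name, fields[name]):
            parts.append(f"{len(item.encode())}:{item}")
    return "|".join(parts).encode()


def sign_fields(fields):
    """Return a hex HMAC-SHA256 over the already-validated field values."""
    return hmac.new(SECRET_KEY, _canonical(fields), hashlib.sha256).hexdigest()


def verify_fields(fields, mac):
    """True only if the submitted hidden data is unchanged since it was signed."""
    expected = sign_fields(fields)
    # Constant-time comparison; bytes so a non-ASCII MAC fails cleanly.
    return hmac.compare_digest(expected.encode(), mac.encode())


def render_hidden(fields):
    """Emit the fields as HTML-escaped hidden inputs plus the MAC input."""
    rows = [
        '<input type="hidden" name="{}" value="{}">'.format(
            html.escape(name, quote=True), html.escape(value, quote=True)
        )
        for name, value in sorted(fields.items())
    ]
    rows.append(f'<input type="hidden" name="_mac" value="{sign_fields(fields)}">')
    return "\n".join(rows)


if __name__ == "__main__":
    page_one = {"email": "a@example.com", "name": 'Bob "<b>"'}  # constructed sample
    print(render_hidden(page_one))
    print(verify_fields(page_one, sign_fields(page_one)))
```

The MAC only shows that the values are the ones the server signed; the hidden data is still readable by the client, and an earlier signed set of values would also verify.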