On Monday, September 12, 2011 5:39:03 PM UTC+2, Reinout van Rees wrote: > > Addition: disallow attributes/methods starting with an underscore? > > That's a handy way to stow away dangerous methods should you have them > in your view. > That's already the case for resolving variables in templates, I don't think we need any specialcasing here.
> The only way I can see yourself shooting in the foot is when you have a > form view that reacts to get() and post(). Upon "get()", the template > *could* call data-modifying methods on the class. Not easily, since the templates can only call methods which don't require extra params, get/post do take request at least. Cheers, Florian -- You received this message because you are subscribed to the Google Groups "Django developers" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-developers/-/l0KxbKKA2tAJ. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
