[html-formfu] Re: Always HTTP Method POST

Rod Taylor rod.taylor at gmail.com
Sat Feb 20 21:42:33 GMT 2010


> A single flag I can set in

Didn't Finish.

A single flag I could set in either the configuration or a mechanism
to create a custom constraint with access to the Catalyst object ( $c
) would be very useful for generic security additions.

Another one I've been considering is referrer enforcement.


Someone smart can of course script around it but it would be more than
enough to prevent someone from putting a malicious <img> tag some
place like a forum; not that I have such a place at the moment but I
probably will in the future.


