[Seaside] #disabled: + #callback:
pdebruic at gmail.com
Mon Feb 27 16:35:17 UTC 2017
If in a Seaside form (3.2.1 but not sure it matters) you have an input with a callback (& e.g #onChange: handler) and set its state to 'disabled' a nefarious actor can remove the 'disabled' state from the form element in the browser and then trigger the seaside callback on the form submit.
How do people usually handle this?
Right now in critical places I have two sets of form-input-drawing code e.g.
ifTrue:[ html textInput
value: self name ]
ifFalse:[ html textInput
onChange: html jQuery ajax serializeThis;
on: #name of: self].
But in other places I am neglectful.
Does that make sense?
Thanks for any thoughts you care to share
More information about the seaside