not so fast

master
Joey Hess 2009-02-03 13:51:10 -05:00
parent bc3fb1ceab
commit 1b3dbe0b91
1 changed files with 9 additions and 0 deletions

@ -17,6 +17,15 @@
a single button-press, without being vulnerable to cross-site request forgery.
So I'll put this in as wontfix. --[[smcv]]
> Surely there's a way around that?
> A web 2.0 way comes to mind: The user clicks on a link
> to open the comment post form. While the nasty web 2.0 javascript :)
> is manipulating the page to add the form to it, it looks at the cookie
> and uses that to insert a sid field.
>
> Or, it could have a mandatory preview page and do the CSRF check then.
> --[[Joey]]
* It would be useful to have a pagespec that always matches all comments on
pages matching a glob. Something like `comment(blog/*)`.
Perhaps postcomment could also be folded into this? Then the pagespec
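Review bot: the quoted reply ending at `> --[[Joey]]` runs straight into `* It would be useful to have a pagespec...` with no blank line between them, so Markdown's lazy-continuation rule for blockquotes will pull the following list item into the quote and render it as part of Joey's reply; insert an empty line after `> --[[Joey]]` (and, for consistency with the existing style, one before `> Surely there's a way around that?`). On the substance of the reply, the two proposals are not equally safe: the first has page JavaScript read the session cookie and insert a `sid` field, which only works if that cookie is readable by script, so it rules out marking the session cookie HttpOnly and ties CSRF protection to the client running JavaScript; the second, a mandatory preview page that performs the CSRF check server-side, needs neither and is the one to prefer. It would be worth stating that preference in the text so a later reader does not pick up the weaker option first.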