Saturday, August 31, 2013

Re: list(form) makes my form not safe anymore

If you don't want a particular field to display, then don't include it in your form. Not showing it doesn't exclude it from form processing, so it's a security risk.

You can exclude fields with the exclude attribute of the form's inner Meta class: https://docs.djangoproject.com/en/dev/topics/forms/modelforms/#selecting-the-fields-to-use
Or even better, use include and select explicitly which fields should be used.

If you want to/must set the excluded field before saving the model instance, you have to do instance = form.save(commit=False) and then edit the instance. See the "Note" box just below the link above.



On Saturday, August 31, 2013 15:21:24 UTC+2, Gerd Koetje wrote:
at least not with this code to separate it

{% for field in form|slice:"1:8" %}
