On 27.03.2007, at 14:29, Henrik Dvergsdal wrote: >> How exactly should such a control look, in your opinion? > > I think it should be rendered much like the content of an object > element, except that it should be reserved for input tools that > produce xml markup (crude text editors, WYSIWYG editors - whatever). Ok so it should be a container which will contain other tools? >> Additionally, you have to check submitted form data on the server >> side too > > I don't think so. If the content is validated by the browser > before it is sent back to the server, manual insertion etc. will > have to occur beneath the browser - at HTTP protocol level. And we > have to trust what's happening there don't we? Not at all... If the form submits via GET, all I have to do is add a parameter in the URL. You *always* have to check for valid input on the server side, else you make attacks possible... Best, Alexander GrafReceived on Tuesday, 27 March 2007 12:37:57 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2007 12:37:57 GMT