Mercurial > p > roundup > code
view website/issues/html/keyword.item.html @ 5212:d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
This was an easy addon compared to the complexity of the CSRF nonce
support. It only works in chromium browsers (Chrome, Opera...) at
the moment. But there is recent activity on implementing it in
firefox. Who know when edge/ie will adopt it. So csrf nonce and
header analysis will be needed for a while.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 19 Mar 2017 19:01:41 -0400 |
| parents | c2d0d3e9099d |
| children | eff9c5435acc |
line wrap: on
line source
<tal:doc metal:use-macro="templates/page/macros/icing" define="edit_ok context/is_edit_ok" > <title metal:fill-slot="head_title"> <tal:if condition="context/id" i18n:translate="" >Keyword <span tal:replace="context/id" i18n:name="id" />: <span tal:replace="context/name" i18n:name="title" /> - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker" /></tal:if> <tal:if condition="not:context/id" i18n:translate="" >New Keyword - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker" /></tal:if> </title> <metal:slot fill-slot="more-javascript"> <script type="text/javascript" src="@@file/help_controls.js"></script> </metal:slot> <tal:block metal:fill-slot="body_title" define="edit_ok context/is_edit_ok"> <span tal:condition="python: not (context.id or edit_ok)" tal:omit-tag="python:1" i18n:translate="">New Keyword</span> <span tal:condition="python: not context.id and edit_ok" tal:omit-tag="python:1" i18n:translate="">New Keyword Editing</span> <span tal:condition="python: context.id and not edit_ok" tal:omit-tag="python:1" i18n:translate="">Keyword<tal:x replace="context/id" i18n:name="id" /></span> <span tal:condition="python: context.id and edit_ok" tal:omit-tag="python:1" i18n:translate="">Keyword<tal:x replace="context/id" i18n:name="id" /> Editing</span> </tal:block> <td class="content" metal:fill-slot="content"> <p tal:condition="python:not (context.is_view_ok() or request.user.hasRole('Anonymous'))" i18n:translate=""> You are not allowed to view this page.</p> <p tal:condition="python:not context.is_view_ok() and request.user.hasRole('Anonymous')" i18n:translate=""> Please login with your username and password.</p> <div tal:condition="context/is_view_ok"> <form method="POST" tal:define="required python:'name description'.split()" enctype="multipart/form-data" tal:attributes="action context/designator;"> <table class="form"> <tr> <th class="required" i18n:translate="">Keyword:</th> <td tal:content="structure python:context.name.field(size=60)">title</td> </tr> <tr> <th class="required" i18n:translate="">Description:</th> <td tal:content="structure python:context.description.field(size=60)">description</td> </tr> <tr tal:condition="context/is_edit_ok"> <td> <input type="hidden" name="@template" value="item"> <input type="hidden" name="@required" value="name,description" tal:attributes="value python:','.join(required)"> </td> <td><input type="submit" value="save" tal:replace="structure context/submit"><!--submit button here--> <input type="reset"> </td> </tr> </table> </form> </div> </td> </tal:doc>