Trying to do my part.
I would bring this issue up with the xforms working group.
I think it raises security issues if it is "easy" to
change an action.
Of course, it's not really a problem for your server-side
code, and javascripted code is already vulnerable,
so, yes, I suppose this might be a case where AVT
would work, but I don't recall at what stage they
are evaluated. So, perhaps yes, AVT for xform
elements, evaluated when the element is processed.
Cheers,
Hank
> Hi Hank,
>
> On Mon, May 5, 2008 at 5:47 PM, Hank Ratzesberger
> <
hankr@...> wrote:
>> The problem is that you cannot change the "action" attribute
>> of a submission -- at least, I don't know how to do this
>> in a dynamic way. (otherwise, you could change the action to
>> the url of your data, then submit / get it .)
>
> Would AVTs work in this case? I.e. action="{xpath-expression}".
>
>> (and Alex can always answer these questions more quickly
>> and thoroughly than I.)
>
> (To be fair, you are doing hell of a job here answering questions here
> in the list! Thank you very much for your help!)
>
> Alex
> --
> Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
> Orbeon's Blog:
http://www.orbeon.com/blog/> Personal Blog:
http://avernet.blogspot.com/> Twitter -
http://twitter.com/avernet>
--
You receive this message as a subscriber of the
ops-users@... mailing list.
To unsubscribe: mailto:
ops-users-unsubscribe@...
For general help: mailto:
sympa@...?subject=help
OW2 mailing lists service home page:
http://www.ow2.org/wws
