[Zope-dev] [RFClet]: What about the request method and the client side trojan?

[Casey Duncan]

Toby Dickenson wrote:
[snip]
> 4. Change dtml to not allow <dtml-var someNonIdempotentMethod>, although it 
> should still allow <dtml-var "someNonIdempotentMethod()">

Ahhh!

How do you propose to do that? I see a lot of bruised foreheads 
resulting from this...

> How many problems would this cause.....
[snip]
> 
> c. It affects code that uses <dtml-var someNonIdempotentMethod> to call a 
> method with no parameters. I have no idea how common that would be.

Likely very common.

> 
> On balance, I think it might be worth building a prototype.

Best of luck to you.

-Casey