[wp-hackers] Security at Wordpress

Andrew Krespanis leftjustified at gmail.com
Mon Apr 24 01:56:23 GMT 2006


On 4/23/06, Owen Winkler <ringmaster at midnightcircus.com> wrote:
> Users might actually enjoy crappy-looking UI if you are able to explain to them why it's
> better, though you're not doing much convincing here.

The "ugly UI" reason for avoiding POST is as silly as the "MD5 vs.
dictionary" reason for wanting to use a more processor intensive hash
for nonces.

form.btn {display:inline}

Done. Can we move away from that excuse now or am I going to have to
do a full HTML mockup with <input>s in place of all action-performing
links to prove my point?

I'm not siding with anyone here regarding GET vs. POST, merely
pointing out this UI excuse is lame. All modern browsers now support
styling of form elements (even Safari and Opera; though they're user
options) and regardless, a standard HTML form button is just a text
string with a border and background... it's not the end of the world,
people! :P

-Andrew

