
Re: proposing Section 508 compliance as requirement for 2.x



On Wednesday 25 April 2007, David Bandel wrote:
> I was going to recommend pulling the xhtml out.  Right now it's all so
> intertwined I'm working between working code and display code.  While
> OK for one person, it makes splitting out work difficult.  Those of us
> who can do Perl, SQL, _and_ xhtml probably can't do any as well as
> those of us who do just one thing well (sounds like the UNIX
> philosophy).

This was something that I was (very naively) hoping to do for version 1.0 of 
LSMB. Looking back at that now, I laugh. The display code and business logic 
are intertwined in horrific ways, and to make matters worse, many of the 
input forms do a really, really ugly hack where each time a new item is 
added, instead of preserving state somewhere it's sent back to the client - 
html and all - in a hidden field. This alone makes it nearly impossible to 
properly protect against XSS attacks.

Definitely we do want to split the display and business logic, but this might 
not be a feasible thing to do in any significant way until we move to 
Template Toolkit or some other similar mechanism.

Cheers,

Chris
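The hidden-field hack Chris describes above, shown as an added example that is not part of this thread and not LedgerSMB's own code. It is written in Python rather than the project's Perl so it runs stand-alone; the function names, the constructed DEMO_KEY and the single-column "rows" form are all assumptions for illustration. The vulnerable function trusts already-rendered HTML that comes back from the client, so escaping only the newly added item does not help. The hardened form round-trips structured data instead of HTML, binds it with an HMAC so the client cannot alter it, and renders (and escapes) every field only at output time:

```python
import base64
import hashlib
import hmac
import html
import json

# Constructed demo key; a real deployment would load this from configuration,
# never from source code.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def render_rows(items):
    """Render line items as table rows, escaping every field at output time."""
    return "".join(f"<tr><td>{html.escape(item)}</td></tr>" for item in items)


def vulnerable_rerender(hidden_html, new_item):
    """The pattern from the thread: previously rendered rows come back from the
    client in a hidden field and are inlined verbatim.  Only the new item is
    escaped, so whatever arrived in hidden_html (a tampered field, or a crafted
    link that pre-fills it) lands in the page body unescaped."""
    rows = hidden_html + render_rows([new_item])
    return (
        "<table>" + rows + "</table>"
        + f'<input type="hidden" name="rows" value="{html.escape(rows, quote=True)}">'
    )


def sign_state(items, key):
    """Serialize the structured state (data, not HTML) and append an HMAC so the
    client can carry it between requests but cannot alter it."""
    payload = base64.urlsafe_b64encode(json.dumps(items).encode()).decode()
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def verify_state(token, key):
    """Return the items inside a signed token, or raise ValueError if the token
    is malformed, was altered, or does not have the expected shape."""
    try:
        payload, tag = token.rsplit(".", 1)
    except ValueError:
        raise ValueError("malformed state token")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("state token failed integrity check")
    items = json.loads(base64.urlsafe_b64decode(payload.encode()))
    if not isinstance(items, list) or not all(isinstance(i, str) for i in items):
        raise ValueError("unexpected state shape")
    return items


def hardened_rerender(token, new_item, key):
    """State round-trips as signed data; HTML exists only in the response, and
    every field is escaped when it is written, however many times it has
    been to the client and back."""
    items = verify_state(token, key) if token else []
    items = items + [new_item]
    return (
        "<table>" + render_rows(items) + "</table>"
        + f'<input type="hidden" name="state" value="{html.escape(sign_state(items, key), quote=True)}">'
    )


if __name__ == "__main__":
    # Constructed inputs: a hidden field that a client has tampered with, and a
    # legitimately submitted item that happens to contain markup.
    tampered_rows = "<tr><td><script>alert(1)</script></td></tr>"
    print(vulnerable_rerender(tampered_rows, "widget"))
    token = sign_state(["<script>alert(1)</script>"], DEMO_KEY)
    print(hardened_rerender(token, "widget", DEMO_KEY))
```

Two things are worth noting about the hardened form. The HMAC stops the client from editing state it was handed, but a user can still legitimately submit an item containing markup, which is why escaping at output time is still needed; the signature and the escaping address different problems. Keeping the state server-side (session storage) removes the round trip entirely and is the simpler design once a templating layer separates rendering from business logic.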