jbholden
commented
10 years ago Yes I agree. We should be able to write tests for this. I believe the python urllib2 module will let you test this. I already use it to test some GET requests to make sure the page is active.
Even though we can enforce much of the data that is entered on forms via drop-down lists...you can't depend on that to limit the data that is actually submitted. A relatively sophisticated user could create their own POST method to submit whatever data they like.
Because of this it is necessary to ALWAYS validate data that comes from a GET or POST submission.
Not really a question, but I wanted to throw it out there to make sure we were in agreement.