X-Git-Url: http://git.tremily.us/?a=blobdiff_plain;ds=sidebyside;f=doc%2Ftodo%2Fcomments.mdwn;h=7a113bee375cacde69c0f05ec4d494e26f3a438a;hb=f2ba73d362a24ee6968892bed6c840a3ef14a1f2;hp=c74ded8f6bb40746b212fc26009f00c59f843388;hpb=af9566a6952905beff7f1ca9db64f01c3faf4ff2;p=ikiwiki.git diff --git a/doc/todo/comments.mdwn b/doc/todo/comments.mdwn index c74ded8f6..7a113bee3 100644 --- a/doc/todo/comments.mdwn +++ b/doc/todo/comments.mdwn @@ -10,18 +10,21 @@ > it's hard enough to get some people to title their blog posts :-) > --[[smcv]] -## Patches pending merge - -* There is some common code cargo-culted from other plugins (notably inline and editpage) which - should probably be shared - - > Actually, there's less of this now than there used to be - a lot of simple - > things that were shared have become unshareable as they became more - > complex. --[[smcv]] +## Won't fix - > There's still goto. You have a branch for that. --[[Joey]] +* Because IkiWiki generates static HTML, we can't have a form inlined in + page.tmpl where the user fills in an entire comment and can submit it in + a single button-press, without being vulnerable to cross-site request forgery. + So I'll put this in as wontfix. --[[smcv]] -## Won't fix + > Surely there's a way around that? + > A web 2.0 way comes to mind: The user clicks on a link + > to open the comment post form. While the nasty web 2.0 javascript :) + > is manipulating the page to add the form to it, it looks at the cookie + > and uses that to insert a sid field. + > + > Or, it could have a mandatory preview page and do the CSRF check then. + > --[[Joey]] * It would be useful to have a pagespec that always matches all comments on pages matching a glob. Something like `comment(blog/*)`. 
@@ -47,6 +50,17 @@ ## Done +* There is some common code cargo-culted from other plugins (notably inline and editpage) which + should probably be shared + + > Actually, there's less of this now than there used to be - a lot of simple + > things that were shared have become unshareable as they became more + > complex. --[[smcv]] + + > There's still goto. You have a branch for that. --[[Joey]] + + >> Now merged --[[smcv]] + * The default template should have a (?) icon next to unauthenticated users (with the IP address as title) and an OpenID icon next to OpenIDs @@ -91,6 +105,7 @@ > and c42f174e fix another `beautify_urlpath` bug and add a regression test > --[[smcv]] + * Now that inline has some comments-specific functionality anyway, it would be good to output `` in Atom and the equivalent in RSS.
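Review bot: In the first hunk (@@ -10,18 +10,21 @@), the new CSRF item is filed under "## Won't fix" although the reply added in the same hunk proposes two ways around the problem (a script-inserted sid field, or a mandatory preview page that does the CSRF check), and nothing in the entry answers either of them. Either leave the item open until both are evaluated, or add a line stating why neither is acceptable. If the script approach stays on the table, the entry should also record that it depends on the session cookie being readable from JavaScript, since "it looks at the cookie and uses that to insert a sid field" only works in that case.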
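Review bot: In the second hunk (@@ -47,6 +50,17 @@), the added ">> Now merged --[[smcv]]" does not say which commit or branch merge it refers to, while the neighbouring Done entry visible in the third hunk cites its commits by id ("and c42f174e fix another `beautify_urlpath` bug"). Add the merge commit id here too. The reply also covers only the goto branch; the item itself is about code shared with inline and editpage in general, so a short statement that the remainder is considered unshareable, and the item therefore closed, would make the move to "## Done" self-explanatory.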