[ic] [button] and mv_form_profile question.

Jeff Dafoe interchange-users@icdevgroup.org
Sat Mar 15 09:39:00 2003


> As far as I know, putting the mv_form_profile inside the button, should
> not work. By doing this, mv_form_profile is getting set __after__ it is
> read.  From your example, it doesn't look like your [button] is doing
> anything other than setting mv_form_profile, so you could just do the
> following instead:
>
> <input type=image src="__THEME__/placeorder.gif" name=mv_form_profile
> value=my_validate>

    The issue is that it is then possible for a malicious user to bypass
form validation by saving a local copy of the HTML and modifying it.  This
is the only IC issue to which I really don't have an answer that I like,
which is how to programmatically set a form profile without using any
client-side settings.  It's not that the answer doesn't necessarily exist, I
just don't know what it is.


Jeff
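
The bypass described in this message, shown as an added example that is not part of the original post and is not Interchange code: a validator that lets the submitted `mv_form_profile` field choose the checks, next to one where the receiving handler chooses them. The profile contents, the `place_order` handler name and the sample submissions are constructed for illustration, and the model assumes that a missing or unknown profile name means no checks run.

```python
# Constructed validation profiles; stand-ins, not Interchange's own data.
PROFILES = {
    "my_validate": ["fname", "lname", "address", "email"],
    "newsletter": ["email"],
}

# Server-side binding of handler -> profile. Nothing here is read from the request.
HANDLER_PROFILE = {"place_order": "my_validate"}


def missing_fields(required, form):
    """Return the required fields that are absent or blank in the submission."""
    return [f for f in required if not form.get(f, "").strip()]


def check_client_named(form):
    """Weak pattern: the submitted mv_form_profile value selects the checks."""
    required = PROFILES.get(form.get("mv_form_profile"), [])
    return missing_fields(required, form)


def check_server_bound(handler, form):
    """Hardened pattern: the handler that received the request selects the checks.

    Returns (missing, tampered). tampered is True when the submitted profile
    name differs from the one the server expects, which is worth logging.
    Assumes the served page still emits the field, as in the quoted markup.
    """
    expected = HANDLER_PROFILE[handler]
    tampered = form.get("mv_form_profile") != expected
    return missing_fields(PROFILES[expected], form), tampered


# Constructed submissions: one from the served page, two from an edited local copy.
HONEST = {"mv_form_profile": "my_validate", "fname": "A", "lname": "B",
          "address": "1 Main St", "email": "a@example.com"}
STRIPPED = {"email": "x@example.com"}                      # profile field deleted
SWAPPED = {"mv_form_profile": "newsletter", "email": "x@example.com"}

if __name__ == "__main__":
    for name, form in [("honest", HONEST), ("stripped", STRIPPED), ("swapped", SWAPPED)]:
        print(name, check_client_named(form), check_server_bound("place_order", form))
```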