[views/primary] some inner sections should use the `limit` by default to avoid a denial of service (closes #2719110)
Today, it is possible to call .related and get a huge unlimited
database-dos-inducing resultset that will be nevertheless limited a
bit further in pure python in the `autolimited` view.
While we cannot completely avoid potential denial of services such as
these we mitigate the problem with the default ui settings: if the
inner vid is `autolimited`, then the relation result sets is computed
using the user-defined limit.
This change respects the semantics of the `autolimited` view and
shouldn't break anything.
<html>
<head>
<script type="text/javascript" src="../../data/jquery.js"></script>
<script src="../../data/cubicweb.js" type="text/javascript"></script>
<script src="../../data/cubicweb.compat.js" type="text/javascript"></script>
<script src="../../data/cubicweb.python.js" type="text/javascript"></script>
<script src="../../data/cubicweb.htmlhelpers.js" type="text/javascript"></script>
<script type="text/javascript" src="qunit.js"></script>
<link rel="stylesheet" type="text/css" media="all" href="qunit.css" />
<script src="cwmock.js" type="text/javascript"></script>
<script src="test_htmlhelpers.js" type="text/javascript"></script>
</head>
<body>
<div id="main">
</div>
<h1 id="qunit-header">cubicweb.htmlhelpers.js functions tests</h1>
<h2 id="qunit-banner"></h2>
<h2 id="qunit-userAgent"></h2>
<ol id="qunit-tests">
</body>
</html>