[views/primary] some inner sections should use the `limit` by default to avoid a denial of service (closes #2719110)
Today, it is possible to call .related and get a huge unlimited
database-dos-inducing resultset that will be nevertheless limited a
bit further in pure python in the `autolimited` view.
While we cannot completely avoid potential denial of services such as
these we mitigate the problem with the default ui settings: if the
inner vid is `autolimited`, then the relation result sets is computed
using the user-defined limit.
This change respects the semantics of the `autolimited` view and
shouldn't break anything.
$(document).ready(function() {
module("module2", {
setup: function() {
$('#main').append('<select id="theselect" multiple="multiple" size="2">' +
'</select>');
}
});
test("test first selected", function() {
$('#theselect').append('<option value="foo">foo</option>' +
'<option selected="selected" value="bar">bar</option>' +
'<option value="baz">baz</option>' +
'<option selected="selecetd"value="spam">spam</option>');
var selected = firstSelected(document.getElementById("theselect"));
equals(selected.value, 'bar');
});
test("test first selected 2", function() {
$('#theselect').append('<option value="foo">foo</option>' +
'<option value="bar">bar</option>' +
'<option value="baz">baz</option>' +
'<option value="spam">spam</option>');
var selected = firstSelected(document.getElementById("theselect"));
equals(selected, null);
});
module("visibilty");
test('toggleVisibility', function() {
$('#main').append('<div id="foo"></div>');
toggleVisibility('foo');
ok($('#foo').hasClass('hidden'), 'check hidden class is set');
});
});