cocoon-dev mailing list archives

From Sylvain Wallez <sylv...@apache.org>
Subject Re: svn commit: r330598 - /cocoon/blocks/forms/trunk/java/org/apache/cocoon/forms/generation/JXMacrosHelper.java
Date Thu, 10 Nov 2005 16:33:48 GMT
Max Pfingsthorn wrote:
> Hi!
>
> I actually like this for exactly the reason Giacomo pointed out. The thing I am always afraid of is vulnerability to malicious requests, which this actually prevents.
> This is in itself not a template (i.e. rendering) option but changes the model on the fly, which can be considered as a "view" of the model, so I would think it does belong in the template.
> Alternatively, you can of course take care of this in your flowscript which calls the template pipeline in the first place, but then you have to know the correct ID of the widget, which can be rather hard, especially if you use libraries or some other way to generate forms.

I totally agree with your concern of malicious requests, and that was 
actually one of the motivations behind widget states. Now, as said in my 
previous post, I consider this a business logic concern that has nothing 
to do in the template.

Sylvain

-- 
Sylvain Wallez                        Anyware Technologies
http://people.apache.org/~sylvain     http://www.anyware-tech.com
Apache Software Foundation Member     Research & Technology Director

