I'm curious why storing a list in hidden fields, even as ids, isn't
considered a huge security hole. Doesn't it seem like it is just
inviting users to manipulate their application into letting them do
things to entities they shouldn't have access to, etc. I use volatile
wherever I can, despite t
I'm not certain this change happened from 4.1 to 4.1.1 as I'm pretty
sure I never made it. Maybe from 3 -> 4 ?
The list is stored in the form ~specifically~ so that it does match
exactly on render/rewind as anything else would be un-predictable .
You can set volatile=true on your list -> but if y
