Dave Newton wrote:
--- Gary Affonso <[EMAIL PROTECTED]> wrote:
And that does it. Direct model injection. Easy.
Technically, no, it's indirected by one level.
*All* ModelDriven does is push the model on to the
stack so it's available at the top level. AFAIK
there's no compelling reason to do that other than
saving some very minor typing (and, perhaps, clarity?)
on the display side.
Thanks for the info. I personally find ModelDriven *less* clear in the
view layer. With ModelDriven you get something like...
<input type="hidden" name="firstName" value="foo" />
instead of...
<input type="hidden" name="postalAddress.firstName" value="foo" />
I *like* that the model-object name is in the view along with the
property name, I find it more explicit and clear. Maybe that's just me,
though.
I had heard talk at one point that there was a plan to address the
security shortcomings of letting the view directly inject into the
Action. I was thinking ModelDriven was where that security check
happened. Apparently not.
Anybody know if/how security is handled for OGNL expressions contained
within the names of post/get data? They're obviously getting evaluated
(thus the security issue), I thought I had seen a post go by talking
about how that evaluation was being made safe(r).
Thanks!
- Gary
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
