> > The Tapestry asset feature is used even when you use files from the context > (asset:context:something.jpg).
Yes, but does that mean js-files and css-files etc. should be whitelisted by default? Normally if Tapestry encounters an asset:-statement, it knows the asset should be whitelisted. In this case the asset is already on the public context path, so whitelisting is not even required. > And assets provided by modules should go on the classpath, otherwise you > would have to copy files from that module and put them in predefined > folders, killing the very nice "drop a JAR in the classpath and it works > automatically" feature for Tapestry. That would still work, wouldn't it? I'm not claiming Tapestry cannot access files on the classpath, so drop-in modules should still work. I'm just claiming Tapestry shouldn't share those files with the rest of the world unless specifically told to do so. Therefore components inside the module can still include assets and when they do, they automatically whitelist those assets. regards, Onno
