Max Pfingsthorn wrote:
Hi!
I actually like this for exactly the reason Giacomo pointed out. The thing I am
always afraid of is vulnerability to malicious requests, which this actually
prevents.
This is in itself not a template (i.e. rendering) option but changes the model on the
fly, which can be considered as a "view" of the model, so I would think it does
belong into the template.
Alternatively, you can of course take care of this in your flowscript which
calls the template pipeline in the first place, but then you have to know the
correct ID of the widget, which can be rather hard, especially if you use
libraries or some other way to generate forms.
I totally agree with your concern of malicious requests, and that was
actually one of the motivations behind widget states. Now, as said in my
previous post, I consider this a business logic concern that has nothing
to do in the template.
Sylvain
--
Sylvain Wallez Anyware Technologies
http://people.apache.org/~sylvain http://www.anyware-tech.com
Apache Software Foundation Member Research & Technology Director
