I guess I should re-read my emails once I type them and spell check them :) Here's another shot: ====================== I read all the emails about this and talked alot about it.
This is my conclusion (and feel to debate!): I don't see a way to clog this hole in the wall and provide backwards compatbility. The problem is the historical behavior is wrong and there's no to right the wrong without providing the correct behavior: specify when an action should be cancelable. If someone upgrades to Struts 1.2.9 or 1.3.x, they should know that they need to set a property on the action that allows the canceling behavior; to allow it by default sets up a situation in which hackers can drill right through people's automatic validation. It doesn't matter if you rename the cancel key, it matters that the key turns on the engine. I think there could be 2 ways of doing this. Have a marker interface called CancelableAction which allows the behavior to be turned on; but ultimately controlled by the action mapping. This allows [1] the Java developer to specify the behavior with [2] the configurer to have final say. Paul __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
