Luta, Raphael (VUN) wrote:
De : Jean-Christophe Kermagoret [mailto:[EMAIL PROTECTED]]I agree with what you are saying but :
It's possible to have this kind of behaviour with a javascript function that values the "action" and "template" parameter for each case. For example :You probably don't want to do this in JS, for 3 reasons:
function SubmitDefault() {
form.....action.value = "MyDefaultPortletAction";
form.....template.value = "MyDefaultTemplate.vm" ;
}
function SubmitToUpdate() {
form.....action.value = "MyUpdatePortletAction";
form.....template.value = "MyUpdateTemplate.vm" ;
}
...
What are the reasons to use several action and template variables ?
- you don't trust your client (and if you do, you should not :)
- you can't guarantee that your client will actually execute the
code
- you break the MVC pattern by encoding controller information in your template and tying your different templates together
IMO, you should never explicitely set a template from another
one but always abstract your application flow through a "state"
that is mapped to a template view by your controller code.
It also makes it much easier to validate the current state of the
application.
--
Raphaël Luta - [EMAIL PROTECTED]
Jakarta Jetspeed - Enterprise Portal in Java
http://jakarta.apache.org/jetspeed/
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
1 - I can bypass security with hidden fields the same way I could bypass it with JS
2 - Almost everybody has javascript enabled
3 - Using JS is like your hidden fields : designers can change them without breaking anything.
I still don't see any differences. Where are my glasses :-)
--
Jean-Christophe Kermagoret
[EMAIL PROTECTED]
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
