so, one of the things i noticed a while ago was that the number of items made available in the Velocity Context at rendering time is pretty astounding and probably needs to be cleaned up.
I know this is a bit of a touchy subject because it's pretty tough to just go in and remove something from the context because there may be a template out there still using that data, but it still seems like we need to make some decisions. Here's a couple examples ... *Data.remove() is available to users (try $website.remove() in a template) PageHelper.evaluateString() is available to users (this one actually bit us in the ass already and a user caught themself in a recursive loop which killed the server) Some of these may be a simple case of updating the public, protected, private access levels on methods, but some cases may mean removing objects from the Context and/or removing methods from objects that are part of the Context. So i guess the big questions are ... 1. What are peoples thoughts on cleaning up the objects in the velocity context that is made available to users? 2. What is our overall strategy in terms of what objects we want to make available to users? Obviously we only want to allow users to get at data and never actually modify/delete data, but can we do that by allowing users direct access to our pojo classes? -- Allen
