Yep, I did mean invoke any public method for any object in context. So do as somebody already said - pass immutable objects to prevent malicious actions from custom template e.g. it isn't a good decision to pass 'alive' business object as is to Velocity context.
On 31 March 2010 05:25, ChadDavis <[email protected]> wrote: > On Tue, Mar 30, 2010 at 4:22 PM, Treague, Keith > <[email protected]> wrote: > > Can you please elaborate how? > > > > I don't think he means arbitrary exactly, but the Velocity Template > Language allows you to invoke methods, like myObect.myMethod(). So, > any object in the velocity context is subject to any of it's public > methods being invoked. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Regards, Alexander
