From the Spring API, I understood that using @InitBinder to start some compelling rules ..
In animalistic examples, do we have setdisallowed ("id") ? When ID is not displayed on the form?
@InitBinder Public Zero Set alaged field (webdatbuilder databender) {dataBinder.setDisallowedFields ("id"); } The id field is not displayed on the web page, so why are we using the code above?
We have something like this:
@InitBinder Public Zero Set Aloudedged (WebDataBender Data Binder) {dataBinder.setDisallowedFields ("First name"); } According to the code above, the first name field of the owner item will not be set, though the user enters the form? Is it true?
Because it can still be deposited if the end-user modifies the page or request (for example Firebug ) Thus, he can inject the values in his bound object even if you do not want it.
Comments
Post a Comment